Beginning to receive logs from pfSense/Suricata and noticed something was off. When trying to parse the JSON messages, very few messages would actually pass. Nothing wrong with Graylog JSON parser, but simply that pfSense syslog daemon will automatically truncate exported messages to 480 bytes max. 480 bytes is a fair bit, but not enough when outputting in JSON format from Suricata. So this is a bit marginal use case; exporting JSON formatted logs from Suricata in pfSense :)
Project: Have to know my openwrt access point a little better. I.e. gather logs from the access point and point these logs to a central location and somehow display and search the logs. Possible even an alert, when something bad is happening. On the backburner is adding other devices and adding some fancy displays.
Page 3 of 3