TRANSFORMS-changesourcetype = fios, pfsense, asus, netgear, skyhub, linksys, mikro, openwrt
# Based on Asus RT-N66U router syslog output.
FIELDALIAS-dst = DST as dest_ip
FIELDALIAS-dpt = DPT as dest_port
FIELDALIAS-proto = PROTO as protocol
FIELDALIAS-SPT = SPT as src_port
FIELDALIAS-SRC = SRC as src_ip
EXTRACT-action = ^[^\]\n]*\]\s+(?P<action>\w+)
pulldown_type = 1
LOOKUP-action_lookup = action_lookup action OUTPUT action2
And made a quick change to transforms.conf to include openwrt:
# Make sure that this matches the hostname of your router, openwrt is just an example.
REGEX = openwrt
SOURCE_KEY = MetaData:Host
FORMAT = sourcetype::openwrt
DEST_KEY = MetaData:Sourcetype
Special thanks to @LodiHensen [twitter] for helping test out this source type on OpenWRT.
I will add these updates to the next release of the home | monitor > app, but for now you can copy these entries into your props.conf and transforms.conf files.
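To check a router's log lines against these entries before copying them in, here is an added example (not part of the home | monitor > app) that emulates the host-based sourcetype rewrite, the EXTRACT-action regex and the field aliases in Python. The sample log line, the function names and the default sourcetype `syslog` are assumptions made for the illustration.

```python
import re

# Settings copied from the props.conf / transforms.conf entries above.
EXTRACT_ACTION = re.compile(r"^[^\]\n]*\]\s+(?P<action>\w+)")
HOST_REGEX = re.compile(r"openwrt")  # REGEX = openwrt (unanchored)
FIELD_ALIASES = {"DST": "dest_ip", "DPT": "dest_port", "PROTO": "protocol",
                 "SPT": "src_port", "SRC": "src_ip"}

# Constructed sample line (assumption): an iptables LOG entry whose log
# prefix starts with the action word right after the kernel timestamp.
SAMPLE = ("Jan  5 10:15:01 openwrt kernel: [86412.123456] DROP IN=eth0 OUT= "
          "SRC=192.0.2.10 DST=198.51.100.5 LEN=40 PROTO=TCP SPT=54321 DPT=22")


def rewrite_sourcetype(host, current="syslog"):
    """Emulate the transform; MetaData:Host holds the value 'host::<name>'."""
    if HOST_REGEX.search("host::" + host):
        return "openwrt"
    return current  # assumed default sourcetype, unchanged when no match


def extract_fields(raw):
    """Emulate key=value extraction, EXTRACT-action and the FIELDALIAS lines."""
    fields = dict(re.findall(r"\b([A-Z]+)=(\S+)", raw))
    match = EXTRACT_ACTION.search(raw)
    if match:
        fields["action"] = match.group("action")
    # FIELDALIAS adds the new name and keeps the original field as well.
    for old, new in FIELD_ALIASES.items():
        if old in fields:
            fields[new] = fields[old]
    return fields


if __name__ == "__main__":
    print(rewrite_sourcetype("openwrt"), extract_fields(SAMPLE))
    # The unanchored REGEX also matches hosts that merely contain the string.
    print(rewrite_sourcetype("openwrt-guest"), rewrite_sourcetype("asus-router"))
```

Two things show up when you run it: a line without the bracketed kernel timestamp gets no `action` field, and any hostname containing `openwrt` is rewritten to the openwrt sourcetype, so make the REGEX as specific as your hostnames require.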