CR-2026-02-26: Wazuh SIEM Integration — Risk & Comms

Key Lessons

Issue Solution

Issue	Solution
pfSense REST API lacks syslog	Use SSH-based PHP execution via netapi
Archives not indexing	Check `<logall>yes</logall>` in ossec.conf + Filebeat status
VyOS lacks Cisco DHCP Option 43	Use DNS CAPWAP discovery for WLC
jq + awk combination	jq for JSON parsing, awk for tabular formatting

pfSense REST API lacks syslog

Use SSH-based PHP execution via netapi

Archives not indexing

Check <logall>yes</logall> in ossec.conf + Filebeat status

VyOS lacks Cisco DHCP Option 43

Use DNS CAPWAP discovery for WLC

jq + awk combination

jq for JSON parsing, awk for tabular formatting