Wazuh - firewall filterlog - include label in the log message?

Started by proutfoo, September 24, 2024, 12:24:28 AM

Hello,

The firewall live view is a super tool and has a lot of info when it comes to blocks. I am using Wazuh and I am successfully getting logs sent to Wazuh from the OPNsense router.

I note however that some interesting info is not sent, specifically the name of the interface (the device name, yes, but not the common name), and also the label. Here is an example log message:

Sep 22 23:51:06 OPNsense.localdomain filterlog[95260]: 107,,,2956dfb9e11c9187b293c85d71232195,vtnet0,match,block,in,4,0x0,,63,30380,0,none,6,tcp,60,172.25.25.12,158.xxx.xxx.xxx,57610,443,0,S,1541627095,,64240,,mss;sackOK;TS;nop;wscale

So although I blocked 158.xxx.xxx.xxx, I can't see this in Wazuh or in the syslog. In this particular case, 158.xxx.xxx.xxx is in an Alias definition.

It would be super cool to have this label and perhaps even the interface common names logged. I have to log into the OPNsense router to learn more about any blocks that I am logging.

I am open to other ways to get this info via the Wazuh agent? Cheers and thanks for your help.
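The filterlog line quoted in the post is a positional CSV, so the rule hash (the fourth field, the "label" the poster is after), the interface device name and the addresses can be pulled out by position and then enriched on the collector side. The following is an added example, not code from the post, from OPNsense or from Wazuh: it parses the posted line (IPv4/TCP), plus two constructed lines (IPv4/UDP and IPv6/TCP) to show the other field layouts, and then attaches a rule description, an interface common name and the name of any alias containing the destination. The three lookup tables (`RULE_LABELS`, `IFACE_NAMES`, `ALIASES`) are constructed assumptions; on a real deployment they would be exported from the router and refreshed whenever rules or aliases change. The redacted `158.xxx.xxx.xxx` in the posted line is deliberately left as-is, and the alias lookup treats an unparsable address as "no match" rather than failing.

```python
"""Parse OPNsense filterlog syslog lines and enrich them with the rule label,
interface common name and matching alias that the raw message does not carry.
Example code written for this thread; lookup tables below are constructed."""
import ipaddress
import re
from typing import Optional

# Positional layout of the pf filterlog CSV: a common prefix, then an IP-version
# specific header, then a transport-specific tail (TCP/UDP modelled here).
COMMON = ("rulenr", "subrulenr", "anchorname", "rid", "interface",
          "reason", "action", "dir", "ipversion")
IPV4 = ("tos", "ecn", "ttl", "id", "offset", "flags", "protoid",
        "protoname", "length", "src", "dst")
IPV6 = ("class", "flowlabel", "hlim", "protoname", "protoid", "length",
        "src", "dst")
TCP = ("srcport", "dstport", "datalen", "tcpflags", "seq", "ack",
       "window", "urg", "options")
UDP = ("srcport", "dstport", "datalen")

SYSLOG_RE = re.compile(r"filterlog\[\d+\]:\s*(?P<csv>.+)$")

# Hypothetical enrichment tables (constructed for the example). The rid hash
# in the log is resolved to the rule description, the device name to the
# interface's common name, and aliases are expanded to their networks.
RULE_LABELS = {"2956dfb9e11c9187b293c85d71232195": "Block outbound to bad hosts"}
IFACE_NAMES = {"vtnet0": "WAN", "vtnet1": "LAN"}
ALIASES = {"bad_hosts": ["203.0.113.0/24", "198.51.100.7"]}


def parse_filterlog(line: str) -> dict:
    """Split one syslog line into a dict keyed by filterlog field name."""
    m = SYSLOG_RE.search(line)
    if not m:
        raise ValueError("not a filterlog line")
    fields = m.group("csv").split(",")
    names = list(COMMON)
    ipver = fields[len(COMMON) - 1]
    if ipver == "4":
        names += IPV4
    elif ipver == "6":
        names += IPV6
    else:
        raise ValueError(f"unknown IP version {ipver!r}")
    # protoname sits at a different offset for v4 and v6, so name the IP
    # header first and only then decide which transport tail applies.
    proto = dict(zip(names, fields)).get("protoname")
    if proto == "tcp":
        names += TCP
    elif proto == "udp":
        names += UDP
    rec = dict(zip(names, fields))
    rec["extra"] = fields[len(names):]   # unmodelled trailing fields, e.g. ICMP
    return rec


def find_alias(ip: str) -> Optional[str]:
    """Return the name of the first alias whose networks contain ip, or None.
    A redacted or malformed address (e.g. '158.xxx.xxx.xxx') yields None."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return None
    for name, entries in ALIASES.items():
        for entry in entries:
            if addr in ipaddress.ip_network(entry, strict=False):
                return name
    return None


def enrich(rec: dict) -> dict:
    """Add rule_label, interface_name and src/dst alias names to a parsed record."""
    out = dict(rec)
    out["rule_label"] = RULE_LABELS.get(rec["rid"], "(unknown rid)")
    out["interface_name"] = IFACE_NAMES.get(rec["interface"], rec["interface"])
    out["src_alias"] = find_alias(rec.get("src", ""))
    out["dst_alias"] = find_alias(rec.get("dst", ""))
    return out


def summarize(line: str) -> str:
    """One-line human summary of an enriched filterlog event."""
    e = enrich(parse_filterlog(line))
    return (f"{e['action']} {e['dir']} on {e['interface_name']} ({e['interface']}) "
            f"rule {e['rulenr']} '{e['rule_label']}' {e['protoname']} "
            f"{e['src']}:{e.get('srcport', '-')} -> {e['dst']}:{e.get('dstport', '-')} "
            f"dst_alias={e['dst_alias']}")


# The line from the post (destination redacted exactly as posted).
POSTED = ("Sep 22 23:51:06 OPNsense.localdomain filterlog[95260]: 107,,,"
          "2956dfb9e11c9187b293c85d71232195,vtnet0,match,block,in,4,0x0,,63,"
          "30380,0,none,6,tcp,60,172.25.25.12,158.xxx.xxx.xxx,57610,443,0,S,"
          "1541627095,,64240,,mss;sackOK;TS;nop;wscale")
# Constructed IPv4/UDP line with a destination inside the sample alias.
CONSTRUCTED_UDP = ("Sep 22 23:52:10 OPNsense.localdomain filterlog[95260]: 107,,,"
                   "2956dfb9e11c9187b293c85d71232195,vtnet0,match,block,in,4,0x0,,63,"
                   "30381,0,none,17,udp,78,172.25.25.12,203.0.113.9,51000,53,50")
# Constructed IPv6/TCP line (documentation prefix 2001:db8::/32).
CONSTRUCTED_V6 = ("Sep 22 23:53:00 OPNsense.localdomain filterlog[95260]: 108,,,"
                  "2956dfb9e11c9187b293c85d71232195,vtnet0,match,block,in,6,0x00,"
                  "0x00000,64,tcp,6,40,2001:db8::1,2001:db8::2,40000,22,0,S,1,,65535,,")

if __name__ == "__main__":
    for sample in (POSTED, CONSTRUCTED_UDP, CONSTRUCTED_V6):
        print(summarize(sample))
```

The same positional split is what a custom Wazuh decoder would do with a regex over the CSV; the enrichment tables are the part that has to come from the router, since the log line itself only carries the rule hash and device name.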