diff --git a/ARCHITECTURE.md b/ARCHITECTURE.md index 7c0ecd5..497b1c7 100644 --- a/ARCHITECTURE.md +++ b/ARCHITECTURE.md @@ -347,6 +347,7 @@ RustNet draws inspiration from several network monitoring tools. Here's how it c | **Cross-platform** | Linux, macOS, Windows, FreeBSD | Linux, macOS | Linux, macOS, Windows | Linux, macOS, BSD | All | Linux | All | | **eBPF support** | Yes (Linux) | No | No | No | No | Yes | No | | **Landlock sandboxing** | Yes (Linux) | No | No | No | No | No | No | +| **JSON event logging** | Yes | No | No | No | No | No | Yes | | **Packet capture** | libpcap | Raw sockets | libpcap | libpcap | Kernel | Kernel | libpcap | ### Tool Focus Areas diff --git a/ROADMAP.md b/ROADMAP.md index 1274cae..1487931 100644 --- a/ROADMAP.md +++ b/ROADMAP.md @@ -110,7 +110,7 @@ The experimental eBPF support provides efficient process identification but has - [ ] **Internationalization (i18n)**: Support for multiple languages in the UI - [ ] **Connection History**: Store and display historical connection data -- [ ] **Export Functionality**: Export connections to CSV/JSON formats +- [ ] **Export Functionality**: On-demand snapshot export (`--json-log` provides streaming) - [ ] **Configuration File**: Support for persistent configuration (filters, UI preferences) - [ ] **Connection Alerts**: Notifications for new connections or suspicious activity - [ ] **GeoIP Integration**: Maybe add geographical location of remote IPs
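Review bot: In the ARCHITECTURE.md hunk, the new `JSON event logging` row says only "Yes" for RustNet and does not name the option that turns it on, while the ROADMAP.md change in the same patch refers to `--json-log`. Consider writing the cell as "Yes (`--json-log`)" so the table and the roadmap agree. The row also sits directly under `Landlock sandboxing`, so a sentence near the table should say whether the log file path is covered by the sandbox rules on Linux. An event log of connections is sensitive output, and readers comparing tools will want to know where it can be written.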
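Review bot: In the ROADMAP.md hunk, the reworded `Export Functionality` item drops "CSV/JSON formats", so the open task no longer says which formats the on-demand snapshot is meant to produce, and CSV disappears from the roadmap without any note. If CSV is still planned, keep the formats in the item, for example "On-demand snapshot export to CSV/JSON (`--json-log` provides streaming)". If CSV export is being dropped, say so in the commit message.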