diff --git a/conf.d/05-syslog.conf b/conf.d/05-syslog.conf
index acc3d666e78d4004a4b2a61c8a01d8b91b8e9ad3..333a7152b67bdf653330b46450e6aed52788cef2 100644
--- a/conf.d/05-syslog.conf
+++ b/conf.d/05-syslog.conf
@@ -1,18 +1,16 @@
 # 05-syslog.conf
 filter {
   if [type] == "syslog" {
-    if [host] =~ /172\.22\.2\.1/ {
+    if [host] =~ /172\.22\.33\.1/ {
       mutate {
         add_tag => ["pf", "Ready"]
       }
     }
-    #Second instance - add and repeat this for multiple syslogs
-    if [host] =~ /192\.168\.1\.1/ {
+    if [host] =~ /172\.2\.22\.1/ {
       mutate {
         add_tag => ["pf-2", "Ready"]
       }
     }
-    #Second instance
     if "Ready" not in [tags] {
       mutate {
         add_tag => [ "syslog" ]
@@ -20,3 +18,10 @@ filter {
     }
   }
 }
+filter {
+  if [type] == "syslog" {
+    mutate {
+      remove_tag => "Ready"
+    }
+  }
+}