From 265b970883b1fa55dc2f412963a20477540f08de Mon Sep 17 00:00:00 2001
From: Andrew <a@3ilson.com>
Date: Wed, 2 Oct 2019 18:48:45 -0400
Subject: [PATCH] Update 05-syslog.conf

---
 conf.d/05-syslog.conf | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/conf.d/05-syslog.conf b/conf.d/05-syslog.conf
index acc3d66..333a715 100644
--- a/conf.d/05-syslog.conf
+++ b/conf.d/05-syslog.conf
@@ -1,18 +1,16 @@
 # 05-syslog.conf
 filter {
   if [type] == "syslog" {
-    if [host] =~ /172\.22\.2\.1/ {
+    if [host] =~ /172\.22\.33\.1/ {
       mutate {
         add_tag => ["pf", "Ready"]
       }
     }
-    #Second instance - add and repeat this for multiple syslogs
-    if [host] =~ /192\.168\.1\.1/ {
+    if [host] =~ /172\.2\.22\.1/ {
       mutate {
         add_tag => ["pf-2", "Ready"]
       }
     }
-    #Second instance
     if "Ready" not in [tags] {
       mutate {
         add_tag => [ "syslog" ]
@@ -20,3 +18,10 @@ filter {
     }
   }
 }
+filter {
+  if [type] == "syslog" {
+    mutate {
+      remove_tag => "Ready"
+    }
+  }
+}
-- 
GitLab