diff --git a/11-pf.conf b/11-pf.conf
index 211c13de07dfdff1b18c73104a2576fc6488bdd1..fc61eb559cb79cb72086eb7767576cc2c217be8b 100644
--- a/11-pf.conf
+++ b/11-pf.conf
@@ -32,7 +32,7 @@ filter {
 }
 grok {
 patterns_dir => ["/etc/logstash/conf.d/patterns"]
- match => [ "message", "%{PF_SURICATA}"]
+ match => [ "message", "%{SURICATA}"]
 }
 if ![geoip] and [ids_src_ip] !~ /^(10\.|192\.168\.)/ {
 geoip {
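Review bot: The new `match` line references `%{SURICATA}`, but no change to a file under `/etc/logstash/conf.d/patterns` appears in this diff, so confirm the pattern is defined there under the new name. If it is missing or no longer matches, Suricata alerts would pass through without `ids_src_ip` and the other IDS fields, which is an easy detection gap to miss. Adding `tag_on_failure => ["_grokparsefailure_suricata"]` to this grok block, plus a comment such as `# SURICATA is defined in patterns_dir; keep the name in sync with the patterns file`, would make such failures visible and alertable. Separately, the unchanged condition below excludes only 10.0.0.0/8 and 192.168.0.0/16 from geoip, so 172.16.0.0/12 sources are presumably still looked up. The enclosing `filter` block and the `if`/`geoip` blocks continue outside the hunk.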