diff --git a/conf.d/10-pf.conf b/conf.d/10-pf.conf
index ab97c72d0c7c4689479fc5b77c49672958cb3368..f63f41bac4b17e873a9e291ccc938c357af598aa 100644
--- a/conf.d/10-pf.conf
+++ b/conf.d/10-pf.conf
@@ -1,13 +1,14 @@
 # 10-pf.conf
 filter {
 if "pf" in [tags] {
- date {
- match => [ "timestamp", " MMM dd HH:mm:ss" ]
- target => "@timestamp"
- }
 grok {
- patterns_dir => ["/etc/logstash/conf.d/patterns"]
- match => [ "message", "%{PFSENSE}", "message", "%{OPNSENSE}" ]
+ match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}" }
+ add_field => [ "received_at", "%{@timestamp}" ]
+ add_field => [ "received_from", "%{host}" ]
+ }
+ date {
+ match => [ "syslog_timestamp", "MMM d HH:mm:ss", "MMM dd HH:mm:ss" ]
+ locale => "en"
 }
 mutate {
 replace => [ "message", "%{msg}" ]
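Review bot: The context line `replace => [ "message", "%{msg}" ]` in the mutate block still references a `msg` field, but the new grok pattern names the message body `syslog_message` and the removed `%{PFSENSE}`/`%{OPNSENSE}` patterns (with their `patterns_dir`) were presumably what used to populate `msg`; unless `msg` is set elsewhere in the pipeline, Logstash leaves an unresolved sprintf reference as the literal text, so `message` would become the string `%{msg}` and the firewall log content would be lost. The fix is `replace => [ "message", "%{syslog_message}" ]` (or keep the old field name by renaming in grok), and that mutate block continues outside the hunk so check its other references too. Events that fail the new grok are tagged `_grokparsefailure` and still reach the date and mutate filters with none of the `syslog_*` fields set; a guard such as `if "_grokparsefailure" not in [tags] {` around the date/mutate stages would keep malformed or unexpected log lines from being silently rewritten. Also note `add_field => [ "received_from", "%{host}" ]`: on Logstash versions where inputs populate `host` as an object (ECS mode, `[host][name]`), `%{host}` renders the whole object rather than a hostname — worth confirming against the deployed version and using `%{[host][name]}` if so.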