From 393a0595ad9ea5c1139e77d1185dd7e47682160c Mon Sep 17 00:00:00 2001
From: Andrew <a@3ilson.com>
Date: Mon, 30 Sep 2019 21:57:58 -0400
Subject: [PATCH] Update 10-pf.conf
---
 conf.d/10-pf.conf | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)
diff --git a/conf.d/10-pf.conf b/conf.d/10-pf.conf
index ab97c72..f63f41b 100644
--- a/conf.d/10-pf.conf
+++ b/conf.d/10-pf.conf
@@ -1,13 +1,14 @@
 # 10-pf.conf
 filter {
 if "pf" in [tags] {
- date {
- match => [ "timestamp", " MMM dd HH:mm:ss" ]
- target => "@timestamp"
- }
 grok {
- patterns_dir => ["/etc/logstash/conf.d/patterns"]
- match => [ "message", "%{PFSENSE}", "message", "%{OPNSENSE}" ]
+ match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}" }
+ add_field => [ "received_at", "%{@timestamp}" ]
+ add_field => [ "received_from", "%{host}" ]
+ }
+ date {
+ match => [ "syslog_timestamp", "MMM d HH:mm:ss", "MMM dd HH:mm:ss" ]
+ locale => "en"
 }
 mutate {
 replace => [ "message", "%{msg}" ]
--
GitLab
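Review bot: The `mutate { replace => [ "message", "%{msg}" ] }` at the end of the hunk still references `msg`, which the removed `%{PFSENSE}`/`%{OPNSENSE}` patterns from `patterns_dir` presumably populated; the new generic syslog grok only yields `syslog_*` fields, so unless a later filter sets `msg` (the mutate block continues past the hunk, so this is inferred), Logstash leaves the unresolved reference verbatim and `message` becomes the literal text `%{msg}`. If the firewall-specific fields (action, interface, addresses) were also coming from those custom patterns, any dashboards or alerts keyed on them will go empty after this change. Either keep parsing `syslog_message` with the pfSense/OPNsense patterns before the mutate, or guard it: `if [msg] { mutate { replace => [ "message", "%{msg}" ] } }`. A smaller point of style: the two `add_field` arrays in the grok block read more clearly as one hash, `add_field => { "received_at" => "%{@timestamp}" "received_from" => "%{host}" }`, and since `received_at` is captured before the date filter rewrites `@timestamp` it deserves a comment such as `# set before the date filter: records ingest time, not the syslog time`.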