diff --git a/11-pf.conf b/11-pf.conf
index 09a25d32a8f08426dbd7ca80bedaef2163a75e6b..2e58ef2c762063aea340be5b8fada737e747d1a1 100644
--- a/11-pf.conf
+++ b/11-pf.conf
@@ -61,7 +61,10 @@ filter {
             if [prog] =~ /^openvpn/ {
               mutate {
                 add_tag => [ "openvpn" ]
-                match =>  [ "message", "%{OPENVPN}"
+              }
+              grok {
+                  patterns_dir => ["/etc/logstash/conf.d/patterns"]
+                  match => [ "message", "%{OPENVPN}"]
               }
             }
             if [prog] =~ /^ntpd/ {