From 4dc9790391cd23a435f194314a7e8e7d86b30f3a Mon Sep 17 00:00:00 2001
From: Andrew <a@3ilson.com>
Date: Mon, 30 Sep 2019 22:01:38 -0400
Subject: [PATCH] Update 13-snort.conf

---
 conf.d/13-snort.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/conf.d/13-snort.conf b/conf.d/13-snort.conf
index 9b60c29..e5492ea 100644
--- a/conf.d/13-snort.conf
+++ b/conf.d/13-snort.conf
@@ -1,6 +1,6 @@
 # 13-snort.conf
 filter {
-  if "pf" in [tags] and [application] =~ /^snort/ {
+  if "pf" in [tags] and [syslog_program] =~ /^snort/ {
     mutate {
       add_tag => [ "Snort" ]
     }
-- 
GitLab