diff --git a/conf.d/10-pf.conf b/conf.d/10-pf.conf
index f63f41bac4b17e873a9e291ccc938c357af598aa..3096982cf1eb8fe099b9f4e1958fa5cec27bd51e 100644
--- a/conf.d/10-pf.conf
+++ b/conf.d/10-pf.conf
@@ -11,10 +11,8 @@ filter {
 locale => "en"
 }
 mutate {
- replace => [ "message", "%{msg}" ]
- }
- mutate {
- remove_field => [ "msg" ]
+ copy => { "[message]" => "[event][original]"}
+ replace => [ "syslog_message", "%{message}" ]
 }
 }
 }
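Review bot: The added `replace => [ "syslog_message", "%{message}" ]` has no guard for events that arrive without a `message` field; Logstash leaves an unresolved field reference as literal text, so `syslog_message` would contain the string `%{message}` and pass for real firewall log content in downstream parsing and detections. Wrapping the block as `if [message] { mutate { ... } }` avoids that. The commit also drops `remove_field => [ "msg" ]`, so if an earlier stage (outside this hunk, in the enclosing `filter {` block that starts above it) still extracts `msg`, that field now stays on every event, which is worth confirming. A short comment such as `# keep the unparsed line in [event][original] for forensic review; mutate applies replace before copy regardless of the order written here` would help the next reader.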