From 5c1242371b50427310530f0bc01406af1884893a Mon Sep 17 00:00:00 2001
From: Andrew <a@3ilson.com>
Date: Mon, 30 Sep 2019 22:00:43 -0400
Subject: [PATCH] Update 12-suricata.conf

---
 conf.d/12-suricata.conf | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/conf.d/12-suricata.conf b/conf.d/12-suricata.conf
index a191cf0..e7ee141 100644
--- a/conf.d/12-suricata.conf
+++ b/conf.d/12-suricata.conf
@@ -1,6 +1,6 @@
 # 12-suricata.conf
 filter {
-  if "pf" in [tags] and [application] =~ /^suricata$/ {
+  if "pf" in [tags] and [syslog_program] =~ /^suricata$/ {
     mutate {
       add_tag => [ "Suricata" ]
     }
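Review bot: The Suricata branch now depends entirely on `[syslog_program]`, and nothing in this hunk shows where that field is set or what happens to events that arrive without it. If the earlier syslog parsing stage does not populate it, Suricata alerts will skip this filter without being tagged or parsed, and nothing will report the gap. I would add a comment above the condition naming the conf.d file that extracts `[syslog_program]`, and confirm that file was switched from `[application]` in the same change set. Separately, since this is an exact match, `if "pf" in [tags] and [syslog_program] == "suricata" {` would be tighter than the regex; as far as I know `^` and `$` are line anchors in Logstash's Ruby-style patterns, so a multi-line value could still match. The filter block continues beyond this hunk.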
@@ -84,12 +84,12 @@ filter {
           target => "[destination][as]"
         }
         mutate {
-        rename => { "[destination][as][asn]" => "[destination][as][number]"}
+            rename => { "[destination][as][asn]" => "[destination][as][number]"}
             rename => { "[destination][as][as_org]" => "[destination][as][organization][name]"}
         }
   	  }
 	}
-    mutate {
+        mutate {
 	    add_field => { "[event][module]" => "suricata"}
 	    add_field => { "[event][dataset]" => "suricata"}
 	    rename => { "[message]" => "[event][original]"}
-- 
GitLab