diff --git a/11-pfsense.conf b/11-pfsense.conf
index cf7533fb34c5e8866db8d50f8da2ae85d426f47f..658c398d6d30c6b36bdce64085eb0c4628e87e57 100644
--- a/11-pfsense.conf
+++ b/11-pfsense.conf
@@ -1,5 +1,5 @@
 filter {
- if "PFSense" in [tags] {
+ if "PFSense1" in [tags] {
 grok {
 add_tag => [ "firewall" ]
 match => [ "message", "<(?<evtid>.*)>(?<datetime>(?:Jan(?:uary)?|Feb(?:ruary)?|Mar(?:ch)?|Apr(?:il)?|May|Jun(?:e)?|Jul(?:y)?|Aug(?:ust)?|Sep(?:tember)?|Oct(?:ober)?|Nov(?:ember)?|Dec(?:ember)?)\s+(?:(?:0[1-9])|(?:[12][0-9])|(?:3[01])|[1-9]) (?:2[0123]|[01]?[0-9]):(?:[0-5][0-9]):(?:[0-5][0-9])) (?<prog>.*?): (?<msg>.*)" ]
@@ -18,6 +18,26 @@ filter {
 remove_field => [ "msg", "datetime" ]
 }
 }
+#Support for multiple PFSense ingest
+# if "PFSense2" in [tags] {
+# grok {
+# add_tag => [ "firewall" ]
+# match => [ "message", "<(?<evtid>.*)>(?<datetime>(?:Jan(?:uary)?|Feb(?:ruary)?|Mar(?:ch)?|Apr(?:il)?|May|Jun(?:e)?|Jul(?:y)?|Aug(?:ust)?|Sep(?:tember)?|Oct(?:ober)?|Nov(?:ember)?|Dec(?:ember)?)\s+(?:(?:0[1-9])|(?:[12][0-9])|(?:3[01])|[1-9]) (?:2[0123]|[01]?[0-9]):(?:[0-5][0-9]):(?:[0-5][0-9])) (?<prog>.*?): (?<msg>.*)" ]
+# }
+# mutate {
+# gsub => ["datetime"," "," "]
+# }
+# date {
+# match => [ "datetime", "MMM dd HH:mm:ss" ]
+# timezone => "America/New_York"
+# }
+# mutate {
+# replace => [ "message", "%{msg}" ]
+# }
+# mutate {
+# remove_field => [ "msg", "datetime" ]
+# }
+#}
 if [prog] =~ /^filterlog$/ {
 mutate {
 remove_field => [ "msg", "datetime" ]
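Review bot: Renaming the condition from `"PFSense"` to `"PFSense1"` in the first hunk means any input that still tags events `PFSense` silently bypasses the grok/date block and never receives the `firewall` tag, so downstream searches and alerts keyed on parsed fields stop seeing those events with no error. The second hunk then adds the same block again as a commented-out copy for `"PFSense2"`, which duplicates the regex and date handling and cannot be enabled without a further edit; the same routing concern applies there. A single condition keeps every sender parsed by one block, e.g. `if "PFSense" in [tags] or "PFSense1" in [tags] or "PFSense2" in [tags] {`, and per-sender differences (such as the hard-coded `timezone`) can be handled with a nested condition rather than a second pipeline. Separately, as rendered here the commented `gsub => ["datetime"," "," "]` replaces a single space with a single space, a no-op; if the intent is to collapse the double space before single-digit days, the search pattern needs two spaces — the whitespace may have been flattened in this view, so confirm against the file.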