Update pf-09.2019.grok

- Elastic Common Schema - Linked 10-pf.conf to lines 11-12 eliminating adjustment when using pfSense/OPNsense

Update pf-09.2019.grok
6713b07e · Andrew · GitHub · 4dfd190f · 6713b07e
Unverified Commit 6713b07e authored Sep 29, 2019 by Andrew Committed by GitHub Sep 29, 2019
--- a/pf-09.2019.grok
+++ b/pf-09.2019.grok
@@ -5,9 +5,12 @@
 # Edited 14 Feb 2015 by Elijah Paul elijah.paul@gmail.com
 # Edited 10 Mar 2015 by Bernd Zeimetz <bernd@bzed.de>
 # Edited 28 Oct 2017 by Brian Turek <brian.turek@gmail.com>
-# Edited 5 Jan 2017 by Andrew Wilson <andrew@3ilson.com>
+# Edited 2017-2019 by Andrew Wilson <andrew@3ilson.com>
 # Edited 30 Apr 2019 by Mike Eriksson <mike@swedishmike.org>
+PFSENSE %{MONTH}.%{MONTHDAY}.*%{TIME}.%{WORD:application}:.%{GREEDYDATA:msg}
+OPNSENSE %{MONTH}.%{MONTHDAY}.*%{TIME}.%{HOSTNAME}.%{WORD:application}:.%{GREEDYDATA:msg}
 PF_LOG_ENTRY %{PF_LOG_DATA}%{PF_IP_SPECIFIC_DATA}%{PF_IP_DATA}%{PF_PROTOCOL_DATA}?
 PF_LOG_DATA %{INT:event.code},%{INT:sub_rule}?,,%{INT:tracker},%{DATA:interface},%{WORD:event.outcome},%{WORD:event.action},%{WORD:network.direction},
 PF_IP_DATA %{INT:length},%{IP:source.ip},%{IP:destination.ip},