diff --git a/conf.d/13-snort.conf b/conf.d/13-snort.conf
index e5492ea03c496cf559dda796b4a8b4be6ac33e6c..93226a62eb39f7281c5228c3515f4ad608fb0fda 100644
--- a/conf.d/13-snort.conf
+++ b/conf.d/13-snort.conf
@@ -6,7 +6,7 @@ filter {
     }
     grok {
       patterns_dir => ["/etc/logstash/conf.d/patterns"]
-      match => [ "message", "%{SNORT}"]
+      match => [ "syslog_message", "%{SNORT}"]
     }
     if ![geoip] and [source][ip] {
     # Check if source IP address is private.