From 6a0c4cc2a93a7c1773dedef405a2584a6d0be2d8 Mon Sep 17 00:00:00 2001
From: Andrew <a@3ilson.com>
Date: Mon, 30 Sep 2019 22:47:20 -0400
Subject: [PATCH] Update 13-snort.conf

---
 conf.d/13-snort.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/conf.d/13-snort.conf b/conf.d/13-snort.conf
index e5492ea..93226a6 100644
--- a/conf.d/13-snort.conf
+++ b/conf.d/13-snort.conf
@@ -6,7 +6,7 @@ filter {
     }
     grok {
       patterns_dir => ["/etc/logstash/conf.d/patterns"]
-      match => [ "message", "%{SNORT}"]
+      match => [ "syslog_message", "%{SNORT}"]
     }
     if ![geoip] and [source][ip] {
     # Check if source IP address is private.
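Review bot: The grok on the added line now depends on an earlier stage having populated `syslog_message`, and nothing visible in the hunk handles an event where that field is absent or `%{SNORT}` does not match. In that case `[source][ip]` is presumably never set, so the `if ![geoip] and [source][ip]` branch below is skipped and the alert is indexed without its parsed fields, which is easy to miss in a detection pipeline. Consider giving this grok its own failure tag, e.g. `tag_on_failure => ["_grokparsefailure_snort"]` (the tag name is a constructed example), so unparsed Snort alerts can be found and alerted on. A short comment naming the upstream filter that sets `syslog_message` would also help, since the enclosing `filter` block starts and ends outside this hunk.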
-- 
GitLab