From 94006518f665812170869ba2fc67aea4799abf10 Mon Sep 17 00:00:00 2001 From: Andrew <a@3ilson.com> Date: Mon, 30 Sep 2019 22:49:48 -0400 Subject: [PATCH] Update 15-others.conf --- conf.d/15-others.conf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/conf.d/15-others.conf b/conf.d/15-others.conf index 5ba47a8..202b168 100644 --- a/conf.d/15-others.conf +++ b/conf.d/15-others.conf @@ -7,7 +7,7 @@ filter { } grok { patterns_dir => ["/etc/logstash/conf.d/patterns"] - match => [ "message", "%{DHCPD}"] + match => [ "syslog_message", "%{DHCPD}"] } } if [syslog_program] =~ /^charon$/ { @@ -26,7 +26,7 @@ filter { } grok { patterns_dir => ["/etc/logstash/conf.d/patterns"] - match => [ "message", "%{OPENVPN}"] + match => [ "syslog_message", "%{OPENVPN}"] } } if [syslog_program] =~ /^ntpd/ { @@ -40,7 +40,7 @@ filter { } grok { patterns_dir => ["/etc/logstash/conf.d/patterns"] - match => [ "message", "%{PF_APP}%{PF_APP_DATA}"] + match => [ "syslog_message", "%{PF_APP}%{PF_APP_DATA}"] } mutate { lowercase => [ 'pf_ACTION' ] -- GitLab