From e0b2d117d47fdd7a512a349825896c55dfef0f62 Mon Sep 17 00:00:00 2001
From: a3ilson <a@3ilson.com>
Date: Sun, 12 Nov 2017 12:25:29 -0500
Subject: [PATCH] Update 11-pfsense.conf

---
 11-pfsense.conf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/11-pfsense.conf b/11-pfsense.conf
index 658c398..9f2ae40 100644
--- a/11-pfsense.conf
+++ b/11-pfsense.conf
@@ -45,8 +45,8 @@ if [prog] =~ /^filterlog$/ {
     grok {
       patterns_dir => "/etc/logstash/conf.d/patterns"
       match => [ "message", "%{PFSENSE_LOG_DATA}%{PFSENSE_IP_SPECIFIC_DATA}%{PFSENSE_IP_DATA}%{PFSENSE_PROTOCOL_DATA}",
-                 "message", "%{PFSENSE_LOG_DATA}%{PFSENSE_IPv4_SPECIFIC_DATA_ECN}%{PFSENSE_IP_DATA}%{PFSENSE_PROTOCOL_DATA}",
-                 "message", "%{PFSENSE_LOG_DATA}%{PFSENSE_IPv6_SPECIFIC_DATA}"]
+                 "message", "%{PFSENSE_LOG_DATA}%{PFSENSE_IPv4_SPECIFIC_DATA}%{PFSENSE_IP_DATA}%{PFSENSE_PROTOCOL_DATA}",
+                 "message", "%{PFSENSE_LOG_DATA}%{PFSENSE_IPv6_SPECIFIC_DATA}%{PFSENSE_IP_DATA}%{PFSENSE_PROTOCOL_DATA}"]
     }
     mutate {
       lowercase => [ 'proto' ]
-- 
GitLab