From e6ffed5969b2e45dbf5407acf0d2043d0cb4f95f Mon Sep 17 00:00:00 2001
From: Andrew <a@3ilson.com>
Date: Wed, 2 Oct 2019 22:24:48 -0400
Subject: [PATCH] Update 10-pf.conf

---
 conf.d/10-pf.conf | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/conf.d/10-pf.conf b/conf.d/10-pf.conf
index 603a443..52f5c01 100644
--- a/conf.d/10-pf.conf
+++ b/conf.d/10-pf.conf
@@ -2,7 +2,10 @@
 filter {
   if "pf" in [tags] {
     grok {
+      #OPNSense
       match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}" }
+      #pfSense
+      #match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}" }
       add_field => [ "received_at", "%{@timestamp}" ]
       add_field => [ "received_from", "%{host}" ]
     }
-- 
GitLab