diff --git a/conf.d/10-pf.conf b/conf.d/10-pf.conf index 85064c1367bc56d9b9a99e6cb9780c5b4c92a33a..ab97c72d0c7c4689479fc5b77c49672958cb3368 100644 --- a/conf.d/10-pf.conf +++ b/conf.d/10-pf.conf @@ -7,7 +7,7 @@ filter { } grok { patterns_dir => ["/etc/logstash/conf.d/patterns"] - match => [ "message", "%{OPNSENSE}"] + match => [ "message", "%{PFSENSE}", "message", "%{OPNSENSE}" ] } mutate { replace => [ "message", "%{msg}" ]