diff --git a/conf.d/11-firewall.conf b/conf.d/11-firewall.conf
index efcf07472133f819ce3c7eaa99274bfc1f98e3a3..93153292682d4cc2016a5f590f0a4e694e3a74e4 100644
--- a/conf.d/11-firewall.conf
+++ b/conf.d/11-firewall.conf
@@ -4,9 +4,9 @@ filter {
 grok {
 add_tag => [ "firewall" ]
 patterns_dir => ["/etc/logstash/conf.d/patterns"]
- match => [ "message", "%{PF_LOG_DATA}%{PF_IP_SPECIFIC_DATA}%{PF_IP_DATA}%{PF_PROTOCOL_DATA}",
- "message", "%{PF_IPv4_SPECIFIC_DATA}%{PF_IP_DATA}%{PF_PROTOCOL_DATA}",
- "message", "%{PF_IPv6_SPECIFIC_DATA}%{PF_IP_DATA}%{PF_PROTOCOL_DATA}"]
+ match => [ "syslog_message", "%{PF_LOG_DATA}%{PF_IP_SPECIFIC_DATA}%{PF_IP_DATA}%{PF_PROTOCOL_DATA}",
+ "syslog_message", "%{PF_IPv4_SPECIFIC_DATA}%{PF_IP_DATA}%{PF_PROTOCOL_DATA}",
+ "syslog_message", "%{PF_IPv6_SPECIFIC_DATA}%{PF_IP_DATA}%{PF_PROTOCOL_DATA}"]
 }
 # Change interface as desired
 if [interface] =~ /^igb0$/ {
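Review bot: The three `match` entries now read `syslog_message`, a field that nothing in this hunk creates, so the firewall parser depends on an earlier pipeline stage having set it, and that dependency is undocumented. If an event reaches this grok without the field (the upstream syslog parse failed, or the file ordering changed), none of the pf patterns can match. Assuming `add_tag` applies only on a successful match, those block/pass records then never get the `firewall` tag and drop out of firewall searches and alerts. I would add a comment above `match`, for example `# syslog_message is set by the syslog header grok in an earlier conf.d file; this file must load after it`. Also consider a distinct failure tag on this grok, such as `tag_on_failure => [ "_pf_grokparsefailure" ]`, so unparsed firewall lines can be counted and alerted on. The enclosing `filter {` block starts and ends outside the hunk, so any guard that already exists around this grok is not visible here.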