From f4930573c5f5226598d81713f793b85f11b6adc7 Mon Sep 17 00:00:00 2001
From: Andrew <a@3ilson.com>
Date: Mon, 30 Sep 2019 22:51:36 -0400
Subject: [PATCH] Update 11-firewall.conf

---
 conf.d/11-firewall.conf | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/conf.d/11-firewall.conf b/conf.d/11-firewall.conf
index efcf074..9315329 100644
--- a/conf.d/11-firewall.conf
+++ b/conf.d/11-firewall.conf
@@ -4,9 +4,9 @@ filter {
     grok {
       add_tag => [ "firewall" ]
       patterns_dir => ["/etc/logstash/conf.d/patterns"]
-      match => [ "message", "%{PF_LOG_DATA}%{PF_IP_SPECIFIC_DATA}%{PF_IP_DATA}%{PF_PROTOCOL_DATA}",
-                 "message", "%{PF_IPv4_SPECIFIC_DATA}%{PF_IP_DATA}%{PF_PROTOCOL_DATA}",
-                 "message", "%{PF_IPv6_SPECIFIC_DATA}%{PF_IP_DATA}%{PF_PROTOCOL_DATA}"]
+      match => [ "syslog_message", "%{PF_LOG_DATA}%{PF_IP_SPECIFIC_DATA}%{PF_IP_DATA}%{PF_PROTOCOL_DATA}",
+                 "syslog_message", "%{PF_IPv4_SPECIFIC_DATA}%{PF_IP_DATA}%{PF_PROTOCOL_DATA}",
+                 "syslog_message", "%{PF_IPv6_SPECIFIC_DATA}%{PF_IP_DATA}%{PF_PROTOCOL_DATA}"]
     }
     # Change interface as desired
       if [interface] =~ /^igb0$/ {
-- 
GitLab