From f4e95eb84de788465fee82adbec62fceb233bdc5 Mon Sep 17 00:00:00 2001
From: Andrew <a@3ilson.com>
Date: Mon, 30 Sep 2019 22:02:33 -0400
Subject: [PATCH] Update 15-others.conf

---
 conf.d/15-others.conf | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/conf.d/15-others.conf b/conf.d/15-others.conf
index 406f7ab..5ba47a8 100644
--- a/conf.d/15-others.conf
+++ b/conf.d/15-others.conf
@@ -1,7 +1,7 @@
 # 15-others.conf
 filter {
   if "pf" in [tags] {
-    if [application] =~ /^dhcpd$/ {
+    if [syslog_program] =~ /^dhcpd$/ {
       mutate {
         add_tag => [ "dhcpd" ]
       }
@@ -10,17 +10,17 @@ filter {
         match => [ "message", "%{DHCPD}"]
       }
     } 
-    if [application] =~ /^charon$/ {
+    if [syslog_program] =~ /^charon$/ {
       mutate {
         add_tag => [ "ipsec" ]
       }
     }
-    if [application] =~ /^barnyard2/ {
+    if [syslog_program] =~ /^barnyard2/ {
       mutate {
         add_tag => [ "barnyard2" ]
       }
     }
-    if [application] =~ /^openvpn/ {
+    if [syslog_program] =~ /^openvpn/ {
       mutate {
         add_tag => [ "openvpn" ]
       }
@@ -29,12 +29,12 @@ filter {
         match => [ "message", "%{OPENVPN}"]
       }
     }
-    if [application] =~ /^ntpd/ {
+    if [syslog_program] =~ /^ntpd/ {
       mutate {
         add_tag => [ "ntpd" ]
       }
     }
-    if [application] =~ /^php-fpm/ {
+    if [syslog_program] =~ /^php-fpm/ {
       mutate {
         add_tag => [ "web_portal" ]
       }
@@ -46,7 +46,7 @@ filter {
         lowercase => [ 'pf_ACTION' ]
       }
     }
-    if [application] =~ /^apinger/ {
+    if [syslog_program] =~ /^apinger/ {
       mutate {
         add_tag => [ "apinger" ]
       }
-- 
GitLab