diff --git a/conf.d/11-firewall.conf b/conf.d/11-firewall.conf index e57e1bb262435cfca4bd6c75dec72456b3d1b595..e4c680de0f7a2a094431d70a2a81c293f7c3c4d5 100644 --- a/conf.d/11-firewall.conf +++ b/conf.d/11-firewall.conf @@ -1,6 +1,6 @@ # 11-firewall.conf filter { - if "pf" in [tags] and [application] =~ /^filterlog$/ { + if "pf" in [tags] and [syslog_program] =~ /^filterlog$/ { mutate { remove_field => [ "msg", "datetime" ] }