diff --git a/configfiles/1001_preprocess_syslogng.conf b/configfiles/1001_preprocess_syslogng.conf
index 5b7f3cc..e9aaf93 100644
--- a/configfiles/1001_preprocess_syslogng.conf
+++ b/configfiles/1001_preprocess_syslogng.conf
@@ -15,6 +15,7 @@ filter {
 		rename => { "PRIORITY" => "syslog-priority" }
 		rename => { "SOURCEIP" => "syslog-sourceip" }
 		rename => { "TAGS" => "syslog-tags" }
+		lowercase => [ "syslog-host_from" ]
           	#add_tag => [ "conf_file_1001"]
 	}
 	if "bro_" in [type] {