Paste #77918

Paste Details

reply | raw

posted on Apr 30, 2014, 9:06:08 AM

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
{:timestamp=>"2014-04-30T09:03:31.835000+0000", :message=>"Reading config file", :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/agent.rb", :level=>:debug, :line=>"299"}
{:timestamp=>"2014-04-30T09:03:32.208000+0000", :message=>"Compiled pipeline code:\n@inputs = []\n@filters = []\n@outputs = []\n@input_redis_1 = plugin(\"input\", \"redis\", LogStash::Util.hash_merge_many({ \"host\" => (\"127.0.0.1\".force_encoding(\"UTF-8\")) }, { \"data_type\" => (\"list\".force_encoding(\"UTF-8\")) }, { \"key\" => (\"logstash\".force_encoding(\"UTF-8\")) }, { \"codec\" => (\"json\".force_encoding(\"UTF-8\")) }))\n\n@inputs << @input_redis_1\n@filter_multiline_2 = plugin(\"filter\", \"multiline\", LogStash::Util.hash_merge_many({ \"negate\" => (\"true\".force_encoding(\"UTF-8\")) }, { \"pattern\" => (\"^%{TIMESTAMP_ISO8601} \".force_encoding(\"UTF-8\")) }, { \"what\" => (\"previous\".force_encoding(\"UTF-8\")) }, { \"stream_identity\" => (\"%{host}.%{filename}\".force_encoding(\"UTF-8\")) }))\n\n@filters << @filter_multiline_2\n@filter_multiline_3 = plugin(\"filter\", \"multiline\", LogStash::Util.hash_merge_many({ \"negate\" => (\"false\".force_encoding(\"UTF-8\")) }, { \"pattern\" => (\"^%{TIMESTAMP_ISO8601}%{SPACE}%{NUMBER}?%{SPACE}?TRACE\".force_encoding(\"UTF-8\")) }, { \"what\" => (\"previous\".force_encoding(\"UTF-8\")) }, { \"stream_identity\" => (\"%{host}.%{filename}\".force_encoding(\"UTF-8\")) }))\n\n@filters << @filter_multiline_3\n@filter_grok_4 = plugin(\"filter\", \"grok\", LogStash::Util.hash_merge_many({ \"match\" => {(\"message\".force_encoding(\"UTF-8\")) => (\"(?m)^%{TIMESTAMP_ISO8601:logdate}%{SPACE}%{NUMBER:pid}?%{SPACE}?(?<loglevel>AUDIT|CRITICAL|DEBUG|INFO|TRACE|WARNING|ERROR) \\\\[?\\\\b%{NOTSPACE:module}\\\\b\\\\]?%{SPACE}?%{GREEDYDATA:logmessage}?\".force_encoding(\"UTF-8\"))} }, { \"add_field\" => {(\"received_at\".force_encoding(\"UTF-8\")) => (\"%{@timestamp}\".force_encoding(\"UTF-8\"))} }))\n\n@filters << @filter_grok_4\n@filter_date_5 = plugin(\"filter\", \"date\", LogStash::Util.hash_merge_many({ \"match\" => [(\"logdate\".force_encoding(\"UTF-8\")), (\"yyyy-MM-dd HH:mm:ss.SSS\".force_encoding(\"UTF-8\")), (\"yyyy-MM-dd HH:mm:ss,SSS\".force_encoding(\"UTF-8\")), (\"yyyy-MM-dd HH:mm:ss\".force_encoding(\"UTF-8\")), (\"MMM  d HH:mm:ss\".force_encoding(\"UTF-8\")), (\"MMM dd HH:mm:ss\".force_encoding(\"UTF-8\")), (\"dd/MMM/yyyy:HH:mm:ss Z\".force_encoding(\"UTF-8\")), (\"yyyy-MM-dd HH:mm:ss.SSSZ\".force_encoding(\"UTF-8\")), (\"E MMM dd HH:mm:ss yyyy Z\".force_encoding(\"UTF-8\")), (\"E MMM dd HH:mm:ss yyyy\".force_encoding(\"UTF-8\"))] }))\n\n@filters << @filter_date_5\n@output_elasticsearch_6 = plugin(\"output\", \"elasticsearch\", LogStash::Util.hash_merge_many({ \"host\" => (\"127.0.0.1\".force_encoding(\"UTF-8\")) }))\n\n@outputs << @output_elasticsearch_6\n  @filter_func = lambda do |event, &block|\n    extra_events = []\n    @logger.info? && @logger.info(\"filter received\", :event => event)\n    newevents = []\n    extra_events.each do |event|\n      @filter_multiline_2.filter(event) do |newevent|\n        newevents << newevent\n      end\n    end\n    extra_events += newevents\n    @filter_multiline_2.filter(event) do |newevent|\n      extra_events << newevent\n    end\n    if event.cancelled?\n      extra_events.each(&block)\n      return\n    end\n    newevents = []\n    extra_events.each do |event|\n      @filter_multiline_3.filter(event) do |newevent|\n        newevents << newevent\n      end\n    end\n    extra_events += newevents\n    @filter_multiline_3.filter(event) do |newevent|\n      extra_events << newevent\n    end\n    if event.cancelled?\n      extra_events.each(&block)\n      return\n    end\n    newevents = []\n    extra_events.each do |event|\n      @filter_grok_4.filter(event) do |newevent|\n        newevents << newevent\n      end\n    end\n    extra_events += newevents\n    @filter_grok_4.filter(event) do |newevent|\n      extra_events << newevent\n    end\n    if event.cancelled?\n      extra_events.each(&block)\n      return\n    end\n    newevents = []\n    extra_events.each do |event|\n      @filter_date_5.filter(event) do |newevent|\n        newevents << newevent\n      end\n    end\n    extra_events += newevents\n    @filter_date_5.filter(event) do |newevent|\n      extra_events << newevent\n    end\n    if event.cancelled?\n      extra_events.each(&block)\n      return\n    end\n    \n    extra_events.each(&block)\n  end\n  @output_func = lambda do |event, &block|\n    @logger.info? && @logger.info(\"output received\", :event => event)\n    @output_elasticsearch_6.handle(event)\n    \n  end", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/pipeline.rb", :line=>"26"}
{:timestamp=>"2014-04-30T09:03:32.229000+0000", :message=>"Using milestone 2 input plugin 'redis'. This plugin should be stable, but if you see strange behavior, please let us know! For more information on plugin milestones, see http://logstash.net/docs/1.3.3/plugin-milestones", :level=>:warn, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"209"}
{:timestamp=>"2014-04-30T09:03:32.243000+0000", :message=>"config LogStash::Codecs::JSON/@charset = \"UTF-8\"", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:03:32.247000+0000", :message=>"config LogStash::Inputs::Redis/@host = \"127.0.0.1\"", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:03:32.249000+0000", :message=>"config LogStash::Inputs::Redis/@data_type = \"list\"", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:03:32.251000+0000", :message=>"config LogStash::Inputs::Redis/@key = \"logstash\"", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:03:32.253000+0000", :message=>"config LogStash::Inputs::Redis/@codec = <LogStash::Codecs::JSON charset=>\"UTF-8\">", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:03:32.255000+0000", :message=>"config LogStash::Inputs::Redis/@debug = false", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:03:32.257000+0000", :message=>"config LogStash::Inputs::Redis/@add_field = {}", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:03:32.259000+0000", :message=>"config LogStash::Inputs::Redis/@threads = 1", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:03:32.261000+0000", :message=>"config LogStash::Inputs::Redis/@name = \"default\"", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:03:32.263000+0000", :message=>"config LogStash::Inputs::Redis/@port = 6379", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:03:32.265000+0000", :message=>"config LogStash::Inputs::Redis/@db = 0", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:03:32.266000+0000", :message=>"config LogStash::Inputs::Redis/@timeout = 5", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:03:32.268000+0000", :message=>"config LogStash::Inputs::Redis/@batch_count = 1", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:03:32.286000+0000", :message=>"config LogStash::Filters::Multiline/@negate = true", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:03:32.288000+0000", :message=>"config LogStash::Filters::Multiline/@pattern = \"^%{TIMESTAMP_ISO8601} \"", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:03:32.290000+0000", :message=>"config LogStash::Filters::Multiline/@what = \"previous\"", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:03:32.292000+0000", :message=>"config LogStash::Filters::Multiline/@stream_identity = \"%{host}.%{filename}\"", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:03:32.294000+0000", :message=>"config LogStash::Filters::Multiline/@type = \"\"", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:03:32.296000+0000", :message=>"config LogStash::Filters::Multiline/@tags = []", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:03:32.298000+0000", :message=>"config LogStash::Filters::Multiline/@exclude_tags = []", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:03:32.300000+0000", :message=>"config LogStash::Filters::Multiline/@add_tag = []", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:03:32.302000+0000", :message=>"config LogStash::Filters::Multiline/@remove_tag = []", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:03:32.304000+0000", :message=>"config LogStash::Filters::Multiline/@add_field = {}", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:03:32.306000+0000", :message=>"config LogStash::Filters::Multiline/@remove_field = []", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:03:32.308000+0000", :message=>"config LogStash::Filters::Multiline/@patterns_dir = []", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:03:32.315000+0000", :message=>"config LogStash::Filters::Multiline/@negate = false", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:03:32.317000+0000", :message=>"config LogStash::Filters::Multiline/@pattern = \"^%{TIMESTAMP_ISO8601}%{SPACE}%{NUMBER}?%{SPACE}?TRACE\"", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:03:32.319000+0000", :message=>"config LogStash::Filters::Multiline/@what = \"previous\"", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:03:32.320000+0000", :message=>"config LogStash::Filters::Multiline/@stream_identity = \"%{host}.%{filename}\"", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:03:32.322000+0000", :message=>"config LogStash::Filters::Multiline/@type = \"\"", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:03:32.324000+0000", :message=>"config LogStash::Filters::Multiline/@tags = []", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:03:32.326000+0000", :message=>"config LogStash::Filters::Multiline/@exclude_tags = []", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:03:32.328000+0000", :message=>"config LogStash::Filters::Multiline/@add_tag = []", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:03:32.330000+0000", :message=>"config LogStash::Filters::Multiline/@remove_tag = []", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:03:32.332000+0000", :message=>"config LogStash::Filters::Multiline/@add_field = {}", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:03:32.334000+0000", :message=>"config LogStash::Filters::Multiline/@remove_field = []", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:03:32.335000+0000", :message=>"config LogStash::Filters::Multiline/@patterns_dir = []", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:03:32.351000+0000", :message=>"config LogStash::Filters::Grok/@match = {\"message\"=>\"(?m)^%{TIMESTAMP_ISO8601:logdate}%{SPACE}%{NUMBER:pid}?%{SPACE}?(?<loglevel>AUDIT|CRITICAL|DEBUG|INFO|TRACE|WARNING|ERROR) \\\\[?\\\\b%{NOTSPACE:module}\\\\b\\\\]?%{SPACE}?%{GREEDYDATA:logmessage}?\"}", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:03:32.353000+0000", :message=>"config LogStash::Filters::Grok/@add_field = {\"received_at\"=>\"%{@timestamp}\"}", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:03:32.355000+0000", :message=>"config LogStash::Filters::Grok/@type = \"\"", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:03:32.357000+0000", :message=>"config LogStash::Filters::Grok/@tags = []", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:03:32.359000+0000", :message=>"config LogStash::Filters::Grok/@exclude_tags = []", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:03:32.360000+0000", :message=>"config LogStash::Filters::Grok/@add_tag = []", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:03:32.362000+0000", :message=>"config LogStash::Filters::Grok/@remove_tag = []", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:03:32.364000+0000", :message=>"config LogStash::Filters::Grok/@remove_field = []", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:03:32.366000+0000", :message=>"config LogStash::Filters::Grok/@patterns_dir = []", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:03:32.368000+0000", :message=>"config LogStash::Filters::Grok/@drop_if_match = false", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:03:32.370000+0000", :message=>"config LogStash::Filters::Grok/@break_on_match = true", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:03:32.372000+0000", :message=>"config LogStash::Filters::Grok/@named_captures_only = true", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:03:32.373000+0000", :message=>"config LogStash::Filters::Grok/@keep_empty_captures = false", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:03:32.375000+0000", :message=>"config LogStash::Filters::Grok/@singles = true", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:03:32.377000+0000", :message=>"config LogStash::Filters::Grok/@tag_on_failure = [\"_grokparsefailure\"]", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:03:32.381000+0000", :message=>"config LogStash::Filters::Grok/@overwrite = []", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:03:32.396000+0000", :message=>"config LogStash::Filters::Date/@match = [\"logdate\", \"yyyy-MM-dd HH:mm:ss.SSS\", \"yyyy-MM-dd HH:mm:ss,SSS\", \"yyyy-MM-dd HH:mm:ss\", \"MMM  d HH:mm:ss\", \"MMM dd HH:mm:ss\", \"dd/MMM/yyyy:HH:mm:ss Z\", \"yyyy-MM-dd HH:mm:ss.SSSZ\", \"E MMM dd HH:mm:ss yyyy Z\", \"E MMM dd HH:mm:ss yyyy\"]", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:03:32.398000+0000", :message=>"config LogStash::Filters::Date/@type = \"\"", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:03:32.400000+0000", :message=>"config LogStash::Filters::Date/@tags = []", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:03:32.401000+0000", :message=>"config LogStash::Filters::Date/@exclude_tags = []", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:03:32.403000+0000", :message=>"config LogStash::Filters::Date/@add_tag = []", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:03:32.405000+0000", :message=>"config LogStash::Filters::Date/@remove_tag = []", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:03:32.406000+0000", :message=>"config LogStash::Filters::Date/@add_field = {}", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:03:32.408000+0000", :message=>"config LogStash::Filters::Date/@remove_field = []", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:03:32.410000+0000", :message=>"config LogStash::Filters::Date/@target = \"@timestamp\"", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:03:32.431000+0000", :message=>"config LogStash::Codecs::Plain/@charset = \"UTF-8\"", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:03:32.436000+0000", :message=>"config LogStash::Outputs::ElasticSearch/@host = \"127.0.0.1\"", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:03:32.438000+0000", :message=>"config LogStash::Outputs::ElasticSearch/@type = \"\"", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:03:32.440000+0000", :message=>"config LogStash::Outputs::ElasticSearch/@tags = []", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:03:32.441000+0000", :message=>"config LogStash::Outputs::ElasticSearch/@exclude_tags = []", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:03:32.443000+0000", :message=>"config LogStash::Outputs::ElasticSearch/@codec = <LogStash::Codecs::Plain charset=>\"UTF-8\">", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:03:32.445000+0000", :message=>"config LogStash::Outputs::ElasticSearch/@workers = 1", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:03:32.446000+0000", :message=>"config LogStash::Outputs::ElasticSearch/@index = \"logstash-%{+YYYY.MM.dd}\"", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:03:32.448000+0000", :message=>"config LogStash::Outputs::ElasticSearch/@manage_template = true", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:03:32.449000+0000", :message=>"config LogStash::Outputs::ElasticSearch/@template_name = \"logstash\"", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:03:32.451000+0000", :message=>"config LogStash::Outputs::ElasticSearch/@template_overwrite = false", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:03:32.453000+0000", :message=>"config LogStash::Outputs::ElasticSearch/@document_id = nil", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:03:32.454000+0000", :message=>"config LogStash::Outputs::ElasticSearch/@port = \"9300-9305\"", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:03:32.456000+0000", :message=>"config LogStash::Outputs::ElasticSearch/@embedded = false", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:03:32.457000+0000", :message=>"config LogStash::Outputs::ElasticSearch/@embedded_http_port = \"9200-9300\"", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:03:32.459000+0000", :message=>"config LogStash::Outputs::ElasticSearch/@max_inflight_requests = 50", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:03:32.461000+0000", :message=>"config LogStash::Outputs::ElasticSearch/@flush_size = 100", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:03:32.462000+0000", :message=>"config LogStash::Outputs::ElasticSearch/@idle_flush_time = 1", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:03:32.464000+0000", :message=>"config LogStash::Outputs::ElasticSearch/@protocol = \"node\"", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:03:32.583000+0000", :message=>"Registering redis", :identity=>"default", :level=>:info, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/inputs/redis.rb", :line=>"81"}
{:timestamp=>"2014-04-30T09:03:32.659000+0000", :message=>"Grok loading patterns from file", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/firewalls", :level=>:info, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/multiline.rb", :line=>"142"}
{:timestamp=>"2014-04-30T09:03:32.817000+0000", :message=>"Grok loading patterns from file", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/grok-patterns", :level=>:info, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/multiline.rb", :line=>"142"}
{:timestamp=>"2014-04-30T09:03:32.978000+0000", :message=>"Grok loading patterns from file", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/haproxy", :level=>:info, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/multiline.rb", :line=>"142"}
{:timestamp=>"2014-04-30T09:03:33.157000+0000", :message=>"Grok loading patterns from file", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/java", :level=>:info, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/multiline.rb", :line=>"142"}
{:timestamp=>"2014-04-30T09:03:33.296000+0000", :message=>"Grok loading patterns from file", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/linux-syslog", :level=>:info, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/multiline.rb", :line=>"142"}
{:timestamp=>"2014-04-30T09:03:33.436000+0000", :message=>"Grok loading patterns from file", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/mcollective", :level=>:info, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/multiline.rb", :line=>"142"}
{:timestamp=>"2014-04-30T09:03:33.575000+0000", :message=>"Grok loading patterns from file", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/mcollective-patterns", :level=>:info, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/multiline.rb", :line=>"142"}
{:timestamp=>"2014-04-30T09:03:33.761000+0000", :message=>"Grok loading patterns from file", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/nagios", :level=>:info, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/multiline.rb", :line=>"142"}
{:timestamp=>"2014-04-30T09:03:33.911000+0000", :message=>"Grok loading patterns from file", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/postgresql", :level=>:info, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/multiline.rb", :line=>"142"}
{:timestamp=>"2014-04-30T09:03:34.051000+0000", :message=>"Grok loading patterns from file", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/redis", :level=>:info, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/multiline.rb", :line=>"142"}
{:timestamp=>"2014-04-30T09:03:34.192000+0000", :message=>"Grok loading patterns from file", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/ruby", :level=>:info, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/multiline.rb", :line=>"142"}
{:timestamp=>"2014-04-30T09:03:34.335000+0000", :message=>"Registered multiline plugin", :type=>"", :config=>{"negate"=>true, "pattern"=>"^%{TIMESTAMP_ISO8601} ", "what"=>"previous", "stream_identity"=>"%{host}.%{filename}", "type"=>"", "tags"=>[], "exclude_tags"=>[], "add_tag"=>[], "remove_tag"=>[], "add_field"=>{}, "remove_field"=>[], "patterns_dir"=>[]}, :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/multiline.rb", :line=>"149"}
{:timestamp=>"2014-04-30T09:03:34.447000+0000", :message=>"Grok loading patterns from file", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/firewalls", :level=>:info, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/multiline.rb", :line=>"142"}
{:timestamp=>"2014-04-30T09:03:34.603000+0000", :message=>"Grok loading patterns from file", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/grok-patterns", :level=>:info, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/multiline.rb", :line=>"142"}
{:timestamp=>"2014-04-30T09:03:34.755000+0000", :message=>"Grok loading patterns from file", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/haproxy", :level=>:info, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/multiline.rb", :line=>"142"}
{:timestamp=>"2014-04-30T09:03:34.897000+0000", :message=>"Grok loading patterns from file", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/java", :level=>:info, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/multiline.rb", :line=>"142"}
{:timestamp=>"2014-04-30T09:03:35.038000+0000", :message=>"Grok loading patterns from file", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/linux-syslog", :level=>:info, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/multiline.rb", :line=>"142"}
{:timestamp=>"2014-04-30T09:03:35.180000+0000", :message=>"Grok loading patterns from file", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/mcollective", :level=>:info, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/multiline.rb", :line=>"142"}
{:timestamp=>"2014-04-30T09:03:35.382000+0000", :message=>"Grok loading patterns from file", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/mcollective-patterns", :level=>:info, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/multiline.rb", :line=>"142"}
{:timestamp=>"2014-04-30T09:03:35.522000+0000", :message=>"Grok loading patterns from file", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/nagios", :level=>:info, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/multiline.rb", :line=>"142"}
{:timestamp=>"2014-04-30T09:03:35.672000+0000", :message=>"Grok loading patterns from file", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/postgresql", :level=>:info, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/multiline.rb", :line=>"142"}
{:timestamp=>"2014-04-30T09:03:35.812000+0000", :message=>"Grok loading patterns from file", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/redis", :level=>:info, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/multiline.rb", :line=>"142"}
{:timestamp=>"2014-04-30T09:03:35.952000+0000", :message=>"Grok loading patterns from file", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/ruby", :level=>:info, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/multiline.rb", :line=>"142"}
{:timestamp=>"2014-04-30T09:03:36.095000+0000", :message=>"Registered multiline plugin", :type=>"", :config=>{"negate"=>false, "pattern"=>"^%{TIMESTAMP_ISO8601}%{SPACE}%{NUMBER}?%{SPACE}?TRACE", "what"=>"previous", "stream_identity"=>"%{host}.%{filename}", "type"=>"", "tags"=>[], "exclude_tags"=>[], "add_tag"=>[], "remove_tag"=>[], "add_field"=>{}, "remove_field"=>[], "patterns_dir"=>[]}, :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/multiline.rb", :line=>"149"}
{:timestamp=>"2014-04-30T09:03:36.097000+0000", :message=>"Grok patterns path", :patterns_dir=>["file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/../../patterns/*"], :level=>:info, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"241"}
{:timestamp=>"2014-04-30T09:03:36.098000+0000", :message=>"In-jar path to read", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/../patterns/*", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"247"}
{:timestamp=>"2014-04-30T09:03:36.100000+0000", :message=>"In-jar path to read", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/*", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"247"}
{:timestamp=>"2014-04-30T09:03:36.146000+0000", :message=>"Grok loading patterns from file", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/firewalls", :level=>:info, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"255"}
{:timestamp=>"2014-04-30T09:03:36.148000+0000", :message=>"Grok loading patterns from file", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/grok-patterns", :level=>:info, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"255"}
{:timestamp=>"2014-04-30T09:03:36.149000+0000", :message=>"Grok loading patterns from file", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/haproxy", :level=>:info, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"255"}
{:timestamp=>"2014-04-30T09:03:36.150000+0000", :message=>"Grok loading patterns from file", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/java", :level=>:info, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"255"}
{:timestamp=>"2014-04-30T09:03:36.152000+0000", :message=>"Grok loading patterns from file", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/linux-syslog", :level=>:info, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"255"}
{:timestamp=>"2014-04-30T09:03:36.153000+0000", :message=>"Grok loading patterns from file", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/mcollective", :level=>:info, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"255"}
{:timestamp=>"2014-04-30T09:03:36.154000+0000", :message=>"Grok loading patterns from file", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/mcollective-patterns", :level=>:info, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"255"}
{:timestamp=>"2014-04-30T09:03:36.155000+0000", :message=>"Grok loading patterns from file", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/nagios", :level=>:info, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"255"}
{:timestamp=>"2014-04-30T09:03:36.157000+0000", :message=>"Grok loading patterns from file", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/postgresql", :level=>:info, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"255"}
{:timestamp=>"2014-04-30T09:03:36.158000+0000", :message=>"Grok loading patterns from file", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/redis", :level=>:info, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"255"}
{:timestamp=>"2014-04-30T09:03:36.159000+0000", :message=>"Grok loading patterns from file", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/ruby", :level=>:info, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"255"}
{:timestamp=>"2014-04-30T09:03:36.160000+0000", :message=>"Match data", :match=>{"message"=>"(?m)^%{TIMESTAMP_ISO8601:logdate}%{SPACE}%{NUMBER:pid}?%{SPACE}?(?<loglevel>AUDIT|CRITICAL|DEBUG|INFO|TRACE|WARNING|ERROR) \\[?\\b%{NOTSPACE:module}\\b\\]?%{SPACE}?%{GREEDYDATA:logmessage}?"}, :level=>:info, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"262"}
{:timestamp=>"2014-04-30T09:03:36.301000+0000", :message=>"Adding pattern from file", :name=>"NETSCREENSESSIONLOG", :pattern=>"%{SYSLOGTIMESTAMP:date} %{IPORHOST:device} %{IPORHOST}: NetScreen device_id=%{WORD:device_id}%{DATA}: start_time=%{QUOTEDSTRING:start_time} duration=%{INT:duration} policy_id=%{INT:policy_id} service=%{DATA:service} proto=%{INT:proto} src zone=%{WORD:src_zone} dst zone=%{WORD:dst_zone} action=%{WORD:action} sent=%{INT:sent} rcvd=%{INT:rcvd} src=%{IPORHOST:src_ip} dst=%{IPORHOST:dst_ip} src_port=%{INT:src_port} dst_port=%{INT:dst_port} src-xlated ip=%{IPORHOST:src_xlated_ip} port=%{INT:src_xlated_port} dst-xlated ip=%{IPORHOST:dst_xlated_ip} port=%{INT:dst_xlated_port} session_id=%{INT:session_id} reason=%{GREEDYDATA:reason}", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/firewalls", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:03:36.303000+0000", :message=>"Adding pattern from file", :name=>"CISCO_TAGGED_SYSLOG", :pattern=>"^<%{POSINT:syslog_pri}>%{CISCOTIMESTAMP:timestamp}( %{SYSLOGHOST:sysloghost})?: %%{CISCOTAG:ciscotag}:", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/firewalls", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:03:36.304000+0000", :message=>"Adding pattern from file", :name=>"CISCOTIMESTAMP", :pattern=>"%{MONTH} +%{MONTHDAY}(?: %{YEAR})? %{TIME}", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/firewalls", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:03:36.305000+0000", :message=>"Adding pattern from file", :name=>"CISCOTAG", :pattern=>"[A-Z0-9]+-%{INT}-(?:[A-Z0-9_]+)", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/firewalls", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:03:36.307000+0000", :message=>"Adding pattern from file", :name=>"CISCO_ACTION", :pattern=>"Built|Teardown|Deny|Denied|denied|requested|permitted|denied by ACL|discarded|est-allowed|Dropping|created|deleted", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/firewalls", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:03:36.308000+0000", :message=>"Adding pattern from file", :name=>"CISCO_REASON", :pattern=>"Duplicate TCP SYN|Failed to locate egress interface|Invalid transport field|No matching connection|DNS Response|DNS Query|(?:%{WORD}\\s*)*", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/firewalls", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:03:36.310000+0000", :message=>"Adding pattern from file", :name=>"CISCO_DIRECTION", :pattern=>"Inbound|inbound|Outbound|outbound", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/firewalls", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:03:36.311000+0000", :message=>"Adding pattern from file", :name=>"CISCO_INTERVAL", :pattern=>"first hit|%{INT}-second interval", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/firewalls", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:03:36.312000+0000", :message=>"Adding pattern from file", :name=>"CISCO_XLATE_TYPE", :pattern=>"static|dynamic", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/firewalls", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:03:36.314000+0000", :message=>"Adding pattern from file", :name=>"CISCOFW106001", :pattern=>"%{CISCO_DIRECTION:direction} %{WORD:protocol} connection %{CISCO_ACTION:action} from %{IP:src_ip}/%{INT:src_port} to %{IP:dst_ip}/%{INT:dst_port} flags %{GREEDYDATA:tcp_flags} on interface %{GREEDYDATA:interface}", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/firewalls", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:03:36.315000+0000", :message=>"Adding pattern from file", :name=>"CISCOFW106006_106007_106010", :pattern=>"%{CISCO_ACTION:action} %{CISCO_DIRECTION:direction} %{WORD:protocol} (?:from|src) %{IP:src_ip}/%{INT:src_port}(\\(%{DATA:src_fwuser}\\))? (?:to|dst) %{IP:dst_ip}/%{INT:dst_port}(\\(%{DATA:dst_fwuser}\\))? (?:on interface %{DATA:interface}|due to %{CISCO_REASON:reason})", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/firewalls", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:03:36.317000+0000", :message=>"Adding pattern from file", :name=>"CISCOFW106014", :pattern=>"%{CISCO_ACTION:action} %{CISCO_DIRECTION:direction} %{WORD:protocol} src %{DATA:src_interface}:%{IP:src_ip}(\\(%{DATA:src_fwuser}\\))? dst %{DATA:dst_interface}:%{IP:dst_ip}(\\(%{DATA:dst_fwuser}\\))? \\(type %{INT:icmp_type}, code %{INT:icmp_code}\\)", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/firewalls", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:03:36.318000+0000", :message=>"Adding pattern from file", :name=>"CISCOFW106015", :pattern=>"%{CISCO_ACTION:action} %{WORD:protocol} \\(%{DATA:policy_id}\\) from %{IP:src_ip}/%{INT:src_port} to %{IP:dst_ip}/%{INT:dst_port} flags %{DATA:tcp_flags}  on interface %{GREEDYDATA:interface}", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/firewalls", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:03:36.319000+0000", :message=>"Adding pattern from file", :name=>"CISCOFW106021", :pattern=>"%{CISCO_ACTION:action} %{WORD:protocol} reverse path check from %{IP:src_ip} to %{IP:dst_ip} on interface %{GREEDYDATA:interface}", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/firewalls", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:03:36.321000+0000", :message=>"Adding pattern from file", :name=>"CISCOFW106023", :pattern=>"%{CISCO_ACTION:action} %{WORD:protocol} src %{DATA:src_interface}:%{IP:src_ip}(/%{INT:src_port})?(\\(%{DATA:src_fwuser}\\))? dst %{DATA:dst_interface}:%{IP:dst_ip}(/%{INT:dst_port})?(\\(%{DATA:dst_fwuser}\\))?( \\(type %{INT:icmp_type}, code %{INT:icmp_code}\\))? by access-group %{DATA:policy_id} \\[%{DATA:hashcode1}, %{DATA:hashcode2}\\]", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/firewalls", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:03:36.323000+0000", :message=>"Adding pattern from file", :name=>"CISCOFW106100", :pattern=>"access-list %{WORD:policy_id} %{CISCO_ACTION:action} %{WORD:protocol} %{DATA:src_interface}/%{IP:src_ip}\\(%{INT:src_port}\\)(\\(%{DATA:src_fwuser}\\))? -> %{DATA:dst_interface}/%{IP:dst_ip}\\(%{INT:dst_port}\\)(\\(%{DATA:src_fwuser}\\))? hit-cnt %{INT:hit_count} %{CISCO_INTERVAL:interval} \\[%{DATA:hashcode1}, %{DATA:hashcode2}\\]", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/firewalls", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:03:36.324000+0000", :message=>"Adding pattern from file", :name=>"CISCOFW110002", :pattern=>"%{CISCO_REASON:reason} for %{WORD:protocol} from %{DATA:src_interface}:%{IP:src_ip}/%{INT:src_port} to %{IP:dst_ip}/%{INT:dst_port}", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/firewalls", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:03:36.326000+0000", :message=>"Adding pattern from file", :name=>"CISCOFW302010", :pattern=>"%{INT:connection_count} in use, %{INT:connection_count_max} most used", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/firewalls", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:03:36.327000+0000", :message=>"Adding pattern from file", :name=>"CISCOFW302013_302014_302015_302016", :pattern=>"%{CISCO_ACTION:action}(?: %{CISCO_DIRECTION:direction})? %{WORD:protocol} connection %{INT:connection_id} for %{DATA:src_interface}:%{IP:src_ip}/%{INT:src_port}( \\(%{IP:src_mapped_ip}/%{INT:src_mapped_port}\\))?(\\(%{DATA:src_fwuser}\\))? to %{DATA:dst_interface}:%{IP:dst_ip}/%{INT:dst_port}( \\(%{IP:dst_mapped_ip}/%{INT:dst_mapped_port}\\))?(\\(%{DATA:dst_fwuser}\\))?( duration %{TIME:duration} bytes %{INT:bytes})?(?: %{CISCO_REASON:reason})?( \\(%{DATA:user}\\))?", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/firewalls", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:03:36.329000+0000", :message=>"Adding pattern from file", :name=>"CISCOFW302020_302021", :pattern=>"%{CISCO_ACTION:action}(?: %{CISCO_DIRECTION:direction})? %{WORD:protocol} connection for faddr %{IP:dst_ip}/%{INT:icmp_seq_num}(?:\\(%{DATA:fwuser}\\))? gaddr %{IP:src_xlated_ip}/%{INT:icmp_code_xlated} laddr %{IP:src_ip}/%{INT:icmp_code}( \\(%{DATA:user}\\))?", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/firewalls", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:03:36.330000+0000", :message=>"Adding pattern from file", :name=>"CISCOFW305011", :pattern=>"%{CISCO_ACTION:action} %{CISCO_XLATE_TYPE:xlate_type} %{WORD:protocol} translation from %{DATA:src_interface}:%{IP:src_ip}(/%{INT:src_port})?(\\(%{DATA:src_fwuser}\\))? to %{DATA:src_xlated_interface}:%{IP:src_xlated_ip}/%{DATA:src_xlated_port}", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/firewalls", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:03:36.332000+0000", :message=>"Adding pattern from file", :name=>"CISCOFW313001_313004_313008", :pattern=>"%{CISCO_ACTION:action} %{WORD:protocol} type=%{INT:icmp_type}, code=%{INT:icmp_code} from %{IP:src_ip} on interface %{DATA:interface}( to %{IP:dst_ip})?", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/firewalls", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:03:36.333000+0000", :message=>"Adding pattern from file", :name=>"CISCOFW313005", :pattern=>"%{CISCO_REASON:reason} for %{WORD:protocol} error message: %{WORD:err_protocol} src %{DATA:err_src_interface}:%{IP:err_src_ip}(\\(%{DATA:err_src_fwuser}\\))? dst %{DATA:err_dst_interface}:%{IP:err_dst_ip}(\\(%{DATA:err_dst_fwuser}\\))? \\(type %{INT:err_icmp_type}, code %{INT:err_icmp_code}\\) on %{DATA:interface} interface\\.  Original IP payload: %{WORD:protocol} src %{IP:orig_src_ip}/%{INT:orig_src_port}(\\(%{DATA:orig_src_fwuser}\\))? dst %{IP:orig_dst_ip}/%{INT:orig_dst_port}(\\(%{DATA:orig_dst_fwuser}\\))?", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/firewalls", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:03:36.335000+0000", :message=>"Adding pattern from file", :name=>"CISCOFW402117", :pattern=>"%{WORD:protocol}: Received a non-IPSec packet \\(protocol= %{WORD:orig_protocol}\\) from %{IP:src_ip} to %{IP:dst_ip}", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/firewalls", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:03:36.336000+0000", :message=>"Adding pattern from file", :name=>"CISCOFW402119", :pattern=>"%{WORD:protocol}: Received an %{WORD:orig_protocol} packet \\(SPI= %{DATA:spi}, sequence number= %{DATA:seq_num}\\) from %{IP:src_ip} \\(user= %{DATA:user}\\) to %{IP:dst_ip} that failed anti-replay checking", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/firewalls", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:03:36.337000+0000", :message=>"Adding pattern from file", :name=>"CISCOFW419001", :pattern=>"%{CISCO_ACTION:action} %{WORD:protocol} packet from %{DATA:src_interface}:%{IP:src_ip}/%{INT:src_port} to %{DATA:dst_interface}:%{IP:dst_ip}/%{INT:dst_port}, reason: %{GREEDYDATA:reason}", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/firewalls", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:03:36.339000+0000", :message=>"Adding pattern from file", :name=>"CISCOFW419002", :pattern=>"%{CISCO_REASON:reason} from %{DATA:src_interface}:%{IP:src_ip}/%{INT:src_port} to %{DATA:dst_interface}:%{IP:dst_ip}/%{INT:dst_port} with different initial sequence number", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/firewalls", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:03:36.340000+0000", :message=>"Adding pattern from file", :name=>"CISCOFW500004", :pattern=>"%{CISCO_REASON:reason} for protocol=%{WORD:protocol}, from %{IP:src_ip}/%{INT:src_port} to %{IP:dst_ip}/%{INT:dst_port}", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/firewalls", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:03:36.342000+0000", :message=>"Adding pattern from file", :name=>"CISCOFW602303_602304", :pattern=>"%{WORD:protocol}: An %{CISCO_DIRECTION:direction} %{GREEDYDATA:tunnel_type} SA \\(SPI= %{DATA:spi}\\) between %{IP:src_ip} and %{IP:dst_ip} \\(user= %{DATA:user}\\) has been %{CISCO_ACTION:action}", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/firewalls", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:03:36.343000+0000", :message=>"Adding pattern from file", :name=>"CISCOFW710001_710002_710003_710005_710006", :pattern=>"%{WORD:protocol} (?:request|access) %{CISCO_ACTION:action} from %{IP:src_ip}/%{INT:src_port} to %{DATA:dst_interface}:%{IP:dst_ip}/%{INT:dst_port}", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/firewalls", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:03:36.345000+0000", :message=>"Adding pattern from file", :name=>"CISCOFW713172", :pattern=>"Group = %{GREEDYDATA:group}, IP = %{IP:src_ip}, Automatic NAT Detection Status:\\s+Remote end\\s*%{DATA:is_remote_natted}\\s*behind a NAT device\\s+This\\s+end\\s*%{DATA:is_local_natted}\\s*behind a NAT device", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/firewalls", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:03:36.346000+0000", :message=>"Adding pattern from file", :name=>"CISCOFW733100", :pattern=>"\\[\\s*%{DATA:drop_type}\\s*\\] drop %{DATA:drop_rate_id} exceeded. Current burst rate is %{INT:drop_rate_current_burst} per second, max configured rate is %{INT:drop_rate_max_burst}; Current average rate is %{INT:drop_rate_current_avg} per second, max configured rate is %{INT:drop_rate_max_avg}; Cumulative total count is %{INT:drop_total_count}", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/firewalls", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:03:36.699000+0000", :message=>"Adding pattern from file", :name=>"USERNAME", :pattern=>"[a-zA-Z0-9._-]+", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/grok-patterns", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:03:36.701000+0000", :message=>"Adding pattern from file", :name=>"USER", :pattern=>"%{USERNAME}", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/grok-patterns", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:03:36.702000+0000", :message=>"Adding pattern from file", :name=>"INT", :pattern=>"(?:[+-]?(?:[0-9]+))", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/grok-patterns", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:03:36.704000+0000", :message=>"Adding pattern from file", :name=>"BASE10NUM", :pattern=>"(?<![0-9.+-])(?>[+-]?(?:(?:[0-9]+(?:\\.[0-9]+)?)|(?:\\.[0-9]+)))", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/grok-patterns", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:03:36.705000+0000", :message=>"Adding pattern from file", :name=>"NUMBER", :pattern=>"(?:%{BASE10NUM})", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/grok-patterns", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:03:36.707000+0000", :message=>"Adding pattern from file", :name=>"BASE16NUM", :pattern=>"(?<![0-9A-Fa-f])(?:[+-]?(?:0x)?(?:[0-9A-Fa-f]+))", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/grok-patterns", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:03:36.708000+0000", :message=>"Adding pattern from file", :name=>"BASE16FLOAT", :pattern=>"\\b(?<![0-9A-Fa-f.])(?:[+-]?(?:0x)?(?:(?:[0-9A-Fa-f]+(?:\\.[0-9A-Fa-f]*)?)|(?:\\.[0-9A-Fa-f]+)))\\b", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/grok-patterns", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:03:36.710000+0000", :message=>"Adding pattern from file", :name=>"POSINT", :pattern=>"\\b(?:[1-9][0-9]*)\\b", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/grok-patterns", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:03:36.711000+0000", :message=>"Adding pattern from file", :name=>"NONNEGINT", :pattern=>"\\b(?:[0-9]+)\\b", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/grok-patterns", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:03:36.713000+0000", :message=>"Adding pattern from file", :name=>"WORD", :pattern=>"\\b\\w+\\b", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/grok-patterns", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:03:36.714000+0000", :message=>"Adding pattern from file", :name=>"NOTSPACE", :pattern=>"\\S+", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/grok-patterns", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:03:36.716000+0000", :message=>"Adding pattern from file", :name=>"SPACE", :pattern=>"\\s*", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/grok-patterns", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:03:36.717000+0000", :message=>"Adding pattern from file", :name=>"DATA", :pattern=>".*?", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/grok-patterns", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:03:36.718000+0000", :message=>"Adding pattern from file", :name=>"GREEDYDATA", :pattern=>".*", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/grok-patterns", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:03:36.720000+0000", :message=>"Adding pattern from file", :name=>"QUOTEDSTRING", :pattern=>"(?>(?<!\\\\)(?>\"(?>\\\\.|[^\\\\\"]+)+\"|\"\"|(?>'(?>\\\\.|[^\\\\']+)+')|''|(?>`(?>\\\\.|[^\\\\`]+)+`)|``))", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/grok-patterns", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:03:36.721000+0000", :message=>"Adding pattern from file", :name=>"UUID", :pattern=>"[A-Fa-f0-9]{8}-(?:[A-Fa-f0-9]{4}-){3}[A-Fa-f0-9]{12}", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/grok-patterns", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:03:36.723000+0000", :message=>"Adding pattern from file", :name=>"MAC", :pattern=>"(?:%{CISCOMAC}|%{WINDOWSMAC}|%{COMMONMAC})", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/grok-patterns", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:03:36.724000+0000", :message=>"Adding pattern from file", :name=>"CISCOMAC", :pattern=>"(?:(?:[A-Fa-f0-9]{4}\\.){2}[A-Fa-f0-9]{4})", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/grok-patterns", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:03:36.727000+0000", :message=>"Adding pattern from file", :name=>"WINDOWSMAC", :pattern=>"(?:(?:[A-Fa-f0-9]{2}-){5}[A-Fa-f0-9]{2})", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/grok-patterns", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:03:36.729000+0000", :message=>"Adding pattern from file", :name=>"COMMONMAC", :pattern=>"(?:(?:[A-Fa-f0-9]{2}:){5}[A-Fa-f0-9]{2})", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/grok-patterns", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:03:36.730000+0000", :message=>"Adding pattern from file", :name=>"IPV6", :pattern=>"((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:)))(%.+)?", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/grok-patterns", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:03:36.732000+0000", :message=>"Adding pattern from file", :name=>"IPV4", :pattern=>"(?<![0-9])(?:(?:25[0-5]|2[0-4][0-9]|[0-1]?[0-9]{1,2})[.](?:25[0-5]|2[0-4][0-9]|[0-1]?[0-9]{1,2})[.](?:25[0-5]|2[0-4][0-9]|[0-1]?[0-9]{1,2})[.](?:25[0-5]|2[0-4][0-9]|[0-1]?[0-9]{1,2}))(?![0-9])", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/grok-patterns", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:03:36.733000+0000", :message=>"Adding pattern from file", :name=>"IP", :pattern=>"(?:%{IPV6}|%{IPV4})", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/grok-patterns", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:03:36.735000+0000", :message=>"Adding pattern from file", :name=>"HOSTNAME", :pattern=>"\\b(?:[0-9A-Za-z][0-9A-Za-z-]{0,62})(?:\\.(?:[0-9A-Za-z][0-9A-Za-z-]{0,62}))*(\\.?|\\b)", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/grok-patterns", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:03:36.736000+0000", :message=>"Adding pattern from file", :name=>"HOST", :pattern=>"%{HOSTNAME}", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/grok-patterns", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:03:36.738000+0000", :message=>"Adding pattern from file", :name=>"IPORHOST", :pattern=>"(?:%{HOSTNAME}|%{IP})", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/grok-patterns", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:03:36.739000+0000", :message=>"Adding pattern from file", :name=>"HOSTPORT", :pattern=>"(?:%{IPORHOST=~/\\./}:%{POSINT})", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/grok-patterns", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:03:36.741000+0000", :message=>"Adding pattern from file", :name=>"PATH", :pattern=>"(?:%{UNIXPATH}|%{WINPATH})", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/grok-patterns", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:03:36.742000+0000", :message=>"Adding pattern from file", :name=>"UNIXPATH", :pattern=>"(?>/(?>[\\w_%!$@:.,-]+|\\\\.)*)+", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/grok-patterns", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:03:36.743000+0000", :message=>"Adding pattern from file", :name=>"TTY", :pattern=>"(?:/dev/(pts|tty([pq])?)(\\w+)?/?(?:[0-9]+))", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/grok-patterns", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:03:36.745000+0000", :message=>"Adding pattern from file", :name=>"WINPATH", :pattern=>"(?>[A-Za-z]+:|\\\\)(?:\\\\[^\\\\?*]*)+", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/grok-patterns", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:03:36.746000+0000", :message=>"Adding pattern from file", :name=>"URIPROTO", :pattern=>"[A-Za-z]+(\\+[A-Za-z+]+)?", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/grok-patterns", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:03:36.748000+0000", :message=>"Adding pattern from file", :name=>"URIHOST", :pattern=>"