1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180 | {:timestamp=>"2014-04-30T09:59:56.505000+0000", :message=>"Reading config file", :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/agent.rb", :level=>:debug, :line=>"299"}
{:timestamp=>"2014-04-30T09:59:56.848000+0000", :message=>"Compiled pipeline code:\n@inputs = []\n@filters = []\n@outputs = []\n@input_redis_1 = plugin(\"input\", \"redis\", LogStash::Util.hash_merge_many({ \"host\" => (\"127.0.0.1\".force_encoding(\"UTF-8\")) }, { \"data_type\" => (\"list\".force_encoding(\"UTF-8\")) }, { \"key\" => (\"logstash\".force_encoding(\"UTF-8\")) }, { \"codec\" => (\"json\".force_encoding(\"UTF-8\")) }))\n\n@inputs << @input_redis_1\n@filter_grok_2 = plugin(\"filter\", \"grok\", LogStash::Util.hash_merge_many({ \"match\" => {(\"message\".force_encoding(\"UTF-8\")) => (\"^%{TIMESTAMP_ISO8601:logdate}%{SPACE}%{NUMBER:pid}?%{SPACE}?(?<loglevel>AUDIT|CRITICAL|DEBUG|INFO|TRACE|WARNING|ERROR) \\\\[?\\\\b%{NOTSPACE:module}\\\\b\\\\]?%{SPACE}?%{GREEDYDATA:logmessage}?\".force_encoding(\"UTF-8\"))} }))\n\n@filters << @filter_grok_2\n@filter_date_3 = plugin(\"filter\", \"date\", LogStash::Util.hash_merge_many({ \"match\" => [(\"logdate\".force_encoding(\"UTF-8\")), (\"yyyy-MM-dd HH:mm:ss.SSS\".force_encoding(\"UTF-8\")), (\"yyyy-MM-dd HH:mm:ss,SSS\".force_encoding(\"UTF-8\")), (\"yyyy-MM-dd HH:mm:ss\".force_encoding(\"UTF-8\")), (\"MMM d HH:mm:ss\".force_encoding(\"UTF-8\")), (\"MMM dd HH:mm:ss\".force_encoding(\"UTF-8\")), (\"dd/MMM/yyyy:HH:mm:ss Z\".force_encoding(\"UTF-8\")), (\"yyyy-MM-dd HH:mm:ss.SSSZ\".force_encoding(\"UTF-8\")), (\"E MMM dd HH:mm:ss yyyy Z\".force_encoding(\"UTF-8\")), (\"E MMM dd HH:mm:ss yyyy\".force_encoding(\"UTF-8\"))] }))\n\n@filters << @filter_date_3\n@output_elasticsearch_4 = plugin(\"output\", \"elasticsearch\", LogStash::Util.hash_merge_many({ \"host\" => (\"127.0.0.1\".force_encoding(\"UTF-8\")) }))\n\n@outputs << @output_elasticsearch_4\n @filter_func = lambda do |event, &block|\n extra_events = []\n @logger.info? && @logger.info(\"filter received\", :event => event)\n newevents = []\n extra_events.each do |event|\n @filter_grok_2.filter(event) do |newevent|\n newevents << newevent\n end\n end\n extra_events += newevents\n @filter_grok_2.filter(event) do |newevent|\n extra_events << newevent\n end\n if event.cancelled?\n extra_events.each(&block)\n return\n end\n newevents = []\n extra_events.each do |event|\n @filter_date_3.filter(event) do |newevent|\n newevents << newevent\n end\n end\n extra_events += newevents\n @filter_date_3.filter(event) do |newevent|\n extra_events << newevent\n end\n if event.cancelled?\n extra_events.each(&block)\n return\n end\n \n extra_events.each(&block)\n end\n @output_func = lambda do |event, &block|\n @logger.info? && @logger.info(\"output received\", :event => event)\n @output_elasticsearch_4.handle(event)\n \n end", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/pipeline.rb", :line=>"26"}
{:timestamp=>"2014-04-30T09:59:56.867000+0000", :message=>"Using milestone 2 input plugin 'redis'. This plugin should be stable, but if you see strange behavior, please let us know! For more information on plugin milestones, see http://logstash.net/docs/1.3.3/plugin-milestones", :level=>:warn, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"209"}
{:timestamp=>"2014-04-30T09:59:56.880000+0000", :message=>"config LogStash::Codecs::JSON/@charset = \"UTF-8\"", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:59:56.884000+0000", :message=>"config LogStash::Inputs::Redis/@host = \"127.0.0.1\"", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:59:56.886000+0000", :message=>"config LogStash::Inputs::Redis/@data_type = \"list\"", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:59:56.888000+0000", :message=>"config LogStash::Inputs::Redis/@key = \"logstash\"", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:59:56.890000+0000", :message=>"config LogStash::Inputs::Redis/@codec = <LogStash::Codecs::JSON charset=>\"UTF-8\">", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:59:56.892000+0000", :message=>"config LogStash::Inputs::Redis/@debug = false", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:59:56.894000+0000", :message=>"config LogStash::Inputs::Redis/@add_field = {}", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:59:56.896000+0000", :message=>"config LogStash::Inputs::Redis/@threads = 1", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:59:56.898000+0000", :message=>"config LogStash::Inputs::Redis/@name = \"default\"", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:59:56.900000+0000", :message=>"config LogStash::Inputs::Redis/@port = 6379", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:59:56.902000+0000", :message=>"config LogStash::Inputs::Redis/@db = 0", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:59:56.904000+0000", :message=>"config LogStash::Inputs::Redis/@timeout = 5", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:59:56.906000+0000", :message=>"config LogStash::Inputs::Redis/@batch_count = 1", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:59:56.928000+0000", :message=>"config LogStash::Filters::Grok/@match = {\"message\"=>\"^%{TIMESTAMP_ISO8601:logdate}%{SPACE}%{NUMBER:pid}?%{SPACE}?(?<loglevel>AUDIT|CRITICAL|DEBUG|INFO|TRACE|WARNING|ERROR) \\\\[?\\\\b%{NOTSPACE:module}\\\\b\\\\]?%{SPACE}?%{GREEDYDATA:logmessage}?\"}", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:59:56.930000+0000", :message=>"config LogStash::Filters::Grok/@type = \"\"", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:59:56.932000+0000", :message=>"config LogStash::Filters::Grok/@tags = []", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:59:56.934000+0000", :message=>"config LogStash::Filters::Grok/@exclude_tags = []", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:59:56.936000+0000", :message=>"config LogStash::Filters::Grok/@add_tag = []", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:59:56.938000+0000", :message=>"config LogStash::Filters::Grok/@remove_tag = []", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:59:56.940000+0000", :message=>"config LogStash::Filters::Grok/@add_field = {}", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:59:56.941000+0000", :message=>"config LogStash::Filters::Grok/@remove_field = []", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:59:56.943000+0000", :message=>"config LogStash::Filters::Grok/@patterns_dir = []", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:59:56.945000+0000", :message=>"config LogStash::Filters::Grok/@drop_if_match = false", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:59:56.947000+0000", :message=>"config LogStash::Filters::Grok/@break_on_match = true", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:59:56.949000+0000", :message=>"config LogStash::Filters::Grok/@named_captures_only = true", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:59:56.951000+0000", :message=>"config LogStash::Filters::Grok/@keep_empty_captures = false", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:59:56.953000+0000", :message=>"config LogStash::Filters::Grok/@singles = true", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:59:56.955000+0000", :message=>"config LogStash::Filters::Grok/@tag_on_failure = [\"_grokparsefailure\"]", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:59:56.957000+0000", :message=>"config LogStash::Filters::Grok/@overwrite = []", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:59:56.968000+0000", :message=>"config LogStash::Filters::Date/@match = [\"logdate\", \"yyyy-MM-dd HH:mm:ss.SSS\", \"yyyy-MM-dd HH:mm:ss,SSS\", \"yyyy-MM-dd HH:mm:ss\", \"MMM d HH:mm:ss\", \"MMM dd HH:mm:ss\", \"dd/MMM/yyyy:HH:mm:ss Z\", \"yyyy-MM-dd HH:mm:ss.SSSZ\", \"E MMM dd HH:mm:ss yyyy Z\", \"E MMM dd HH:mm:ss yyyy\"]", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:59:56.970000+0000", :message=>"config LogStash::Filters::Date/@type = \"\"", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:59:56.972000+0000", :message=>"config LogStash::Filters::Date/@tags = []", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:59:56.974000+0000", :message=>"config LogStash::Filters::Date/@exclude_tags = []", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:59:56.976000+0000", :message=>"config LogStash::Filters::Date/@add_tag = []", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:59:56.978000+0000", :message=>"config LogStash::Filters::Date/@remove_tag = []", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:59:56.980000+0000", :message=>"config LogStash::Filters::Date/@add_field = {}", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:59:56.982000+0000", :message=>"config LogStash::Filters::Date/@remove_field = []", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:59:56.984000+0000", :message=>"config LogStash::Filters::Date/@target = \"@timestamp\"", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:59:57.007000+0000", :message=>"config LogStash::Codecs::Plain/@charset = \"UTF-8\"", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:59:57.013000+0000", :message=>"config LogStash::Outputs::ElasticSearch/@host = \"127.0.0.1\"", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:59:57.015000+0000", :message=>"config LogStash::Outputs::ElasticSearch/@type = \"\"", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:59:57.017000+0000", :message=>"config LogStash::Outputs::ElasticSearch/@tags = []", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:59:57.019000+0000", :message=>"config LogStash::Outputs::ElasticSearch/@exclude_tags = []", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:59:57.021000+0000", :message=>"config LogStash::Outputs::ElasticSearch/@codec = <LogStash::Codecs::Plain charset=>\"UTF-8\">", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:59:57.022000+0000", :message=>"config LogStash::Outputs::ElasticSearch/@workers = 1", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:59:57.024000+0000", :message=>"config LogStash::Outputs::ElasticSearch/@index = \"logstash-%{+YYYY.MM.dd}\"", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:59:57.026000+0000", :message=>"config LogStash::Outputs::ElasticSearch/@manage_template = true", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:59:57.028000+0000", :message=>"config LogStash::Outputs::ElasticSearch/@template_name = \"logstash\"", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:59:57.030000+0000", :message=>"config LogStash::Outputs::ElasticSearch/@template_overwrite = false", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:59:57.033000+0000", :message=>"config LogStash::Outputs::ElasticSearch/@document_id = nil", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:59:57.038000+0000", :message=>"config LogStash::Outputs::ElasticSearch/@port = \"9300-9305\"", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:59:57.041000+0000", :message=>"config LogStash::Outputs::ElasticSearch/@embedded = false", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:59:57.042000+0000", :message=>"config LogStash::Outputs::ElasticSearch/@embedded_http_port = \"9200-9300\"", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:59:57.044000+0000", :message=>"config LogStash::Outputs::ElasticSearch/@max_inflight_requests = 50", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:59:57.045000+0000", :message=>"config LogStash::Outputs::ElasticSearch/@flush_size = 100", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:59:57.047000+0000", :message=>"config LogStash::Outputs::ElasticSearch/@idle_flush_time = 1", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:59:57.049000+0000", :message=>"config LogStash::Outputs::ElasticSearch/@protocol = \"node\"", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/config/mixin.rb", :line=>"105"}
{:timestamp=>"2014-04-30T09:59:57.167000+0000", :message=>"Registering redis", :identity=>"default", :level=>:info, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/inputs/redis.rb", :line=>"81"}
{:timestamp=>"2014-04-30T09:59:57.182000+0000", :message=>"Grok patterns path", :patterns_dir=>["file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/../../patterns/*"], :level=>:info, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"241"}
{:timestamp=>"2014-04-30T09:59:57.184000+0000", :message=>"In-jar path to read", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/../patterns/*", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"247"}
{:timestamp=>"2014-04-30T09:59:57.186000+0000", :message=>"In-jar path to read", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/*", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"247"}
{:timestamp=>"2014-04-30T09:59:57.248000+0000", :message=>"Grok loading patterns from file", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/firewalls", :level=>:info, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"255"}
{:timestamp=>"2014-04-30T09:59:57.249000+0000", :message=>"Grok loading patterns from file", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/grok-patterns", :level=>:info, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"255"}
{:timestamp=>"2014-04-30T09:59:57.251000+0000", :message=>"Grok loading patterns from file", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/haproxy", :level=>:info, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"255"}
{:timestamp=>"2014-04-30T09:59:57.252000+0000", :message=>"Grok loading patterns from file", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/java", :level=>:info, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"255"}
{:timestamp=>"2014-04-30T09:59:57.254000+0000", :message=>"Grok loading patterns from file", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/linux-syslog", :level=>:info, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"255"}
{:timestamp=>"2014-04-30T09:59:57.255000+0000", :message=>"Grok loading patterns from file", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/mcollective", :level=>:info, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"255"}
{:timestamp=>"2014-04-30T09:59:57.256000+0000", :message=>"Grok loading patterns from file", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/mcollective-patterns", :level=>:info, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"255"}
{:timestamp=>"2014-04-30T09:59:57.258000+0000", :message=>"Grok loading patterns from file", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/nagios", :level=>:info, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"255"}
{:timestamp=>"2014-04-30T09:59:57.259000+0000", :message=>"Grok loading patterns from file", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/postgresql", :level=>:info, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"255"}
{:timestamp=>"2014-04-30T09:59:57.261000+0000", :message=>"Grok loading patterns from file", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/redis", :level=>:info, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"255"}
{:timestamp=>"2014-04-30T09:59:57.262000+0000", :message=>"Grok loading patterns from file", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/ruby", :level=>:info, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"255"}
{:timestamp=>"2014-04-30T09:59:57.263000+0000", :message=>"Match data", :match=>{"message"=>"^%{TIMESTAMP_ISO8601:logdate}%{SPACE}%{NUMBER:pid}?%{SPACE}?(?<loglevel>AUDIT|CRITICAL|DEBUG|INFO|TRACE|WARNING|ERROR) \\[?\\b%{NOTSPACE:module}\\b\\]?%{SPACE}?%{GREEDYDATA:logmessage}?"}, :level=>:info, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"262"}
{:timestamp=>"2014-04-30T09:59:57.418000+0000", :message=>"Adding pattern from file", :name=>"NETSCREENSESSIONLOG", :pattern=>"%{SYSLOGTIMESTAMP:date} %{IPORHOST:device} %{IPORHOST}: NetScreen device_id=%{WORD:device_id}%{DATA}: start_time=%{QUOTEDSTRING:start_time} duration=%{INT:duration} policy_id=%{INT:policy_id} service=%{DATA:service} proto=%{INT:proto} src zone=%{WORD:src_zone} dst zone=%{WORD:dst_zone} action=%{WORD:action} sent=%{INT:sent} rcvd=%{INT:rcvd} src=%{IPORHOST:src_ip} dst=%{IPORHOST:dst_ip} src_port=%{INT:src_port} dst_port=%{INT:dst_port} src-xlated ip=%{IPORHOST:src_xlated_ip} port=%{INT:src_xlated_port} dst-xlated ip=%{IPORHOST:dst_xlated_ip} port=%{INT:dst_xlated_port} session_id=%{INT:session_id} reason=%{GREEDYDATA:reason}", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/firewalls", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:59:57.421000+0000", :message=>"Adding pattern from file", :name=>"CISCO_TAGGED_SYSLOG", :pattern=>"^<%{POSINT:syslog_pri}>%{CISCOTIMESTAMP:timestamp}( %{SYSLOGHOST:sysloghost})?: %%{CISCOTAG:ciscotag}:", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/firewalls", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:59:57.422000+0000", :message=>"Adding pattern from file", :name=>"CISCOTIMESTAMP", :pattern=>"%{MONTH} +%{MONTHDAY}(?: %{YEAR})? %{TIME}", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/firewalls", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:59:57.424000+0000", :message=>"Adding pattern from file", :name=>"CISCOTAG", :pattern=>"[A-Z0-9]+-%{INT}-(?:[A-Z0-9_]+)", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/firewalls", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:59:57.426000+0000", :message=>"Adding pattern from file", :name=>"CISCO_ACTION", :pattern=>"Built|Teardown|Deny|Denied|denied|requested|permitted|denied by ACL|discarded|est-allowed|Dropping|created|deleted", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/firewalls", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:59:57.427000+0000", :message=>"Adding pattern from file", :name=>"CISCO_REASON", :pattern=>"Duplicate TCP SYN|Failed to locate egress interface|Invalid transport field|No matching connection|DNS Response|DNS Query|(?:%{WORD}\\s*)*", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/firewalls", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:59:57.429000+0000", :message=>"Adding pattern from file", :name=>"CISCO_DIRECTION", :pattern=>"Inbound|inbound|Outbound|outbound", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/firewalls", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:59:57.431000+0000", :message=>"Adding pattern from file", :name=>"CISCO_INTERVAL", :pattern=>"first hit|%{INT}-second interval", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/firewalls", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:59:57.432000+0000", :message=>"Adding pattern from file", :name=>"CISCO_XLATE_TYPE", :pattern=>"static|dynamic", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/firewalls", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:59:57.434000+0000", :message=>"Adding pattern from file", :name=>"CISCOFW106001", :pattern=>"%{CISCO_DIRECTION:direction} %{WORD:protocol} connection %{CISCO_ACTION:action} from %{IP:src_ip}/%{INT:src_port} to %{IP:dst_ip}/%{INT:dst_port} flags %{GREEDYDATA:tcp_flags} on interface %{GREEDYDATA:interface}", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/firewalls", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:59:57.436000+0000", :message=>"Adding pattern from file", :name=>"CISCOFW106006_106007_106010", :pattern=>"%{CISCO_ACTION:action} %{CISCO_DIRECTION:direction} %{WORD:protocol} (?:from|src) %{IP:src_ip}/%{INT:src_port}(\\(%{DATA:src_fwuser}\\))? (?:to|dst) %{IP:dst_ip}/%{INT:dst_port}(\\(%{DATA:dst_fwuser}\\))? (?:on interface %{DATA:interface}|due to %{CISCO_REASON:reason})", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/firewalls", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:59:57.438000+0000", :message=>"Adding pattern from file", :name=>"CISCOFW106014", :pattern=>"%{CISCO_ACTION:action} %{CISCO_DIRECTION:direction} %{WORD:protocol} src %{DATA:src_interface}:%{IP:src_ip}(\\(%{DATA:src_fwuser}\\))? dst %{DATA:dst_interface}:%{IP:dst_ip}(\\(%{DATA:dst_fwuser}\\))? \\(type %{INT:icmp_type}, code %{INT:icmp_code}\\)", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/firewalls", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:59:57.440000+0000", :message=>"Adding pattern from file", :name=>"CISCOFW106015", :pattern=>"%{CISCO_ACTION:action} %{WORD:protocol} \\(%{DATA:policy_id}\\) from %{IP:src_ip}/%{INT:src_port} to %{IP:dst_ip}/%{INT:dst_port} flags %{DATA:tcp_flags} on interface %{GREEDYDATA:interface}", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/firewalls", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:59:57.441000+0000", :message=>"Adding pattern from file", :name=>"CISCOFW106021", :pattern=>"%{CISCO_ACTION:action} %{WORD:protocol} reverse path check from %{IP:src_ip} to %{IP:dst_ip} on interface %{GREEDYDATA:interface}", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/firewalls", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:59:57.443000+0000", :message=>"Adding pattern from file", :name=>"CISCOFW106023", :pattern=>"%{CISCO_ACTION:action} %{WORD:protocol} src %{DATA:src_interface}:%{IP:src_ip}(/%{INT:src_port})?(\\(%{DATA:src_fwuser}\\))? dst %{DATA:dst_interface}:%{IP:dst_ip}(/%{INT:dst_port})?(\\(%{DATA:dst_fwuser}\\))?( \\(type %{INT:icmp_type}, code %{INT:icmp_code}\\))? by access-group %{DATA:policy_id} \\[%{DATA:hashcode1}, %{DATA:hashcode2}\\]", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/firewalls", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:59:57.445000+0000", :message=>"Adding pattern from file", :name=>"CISCOFW106100", :pattern=>"access-list %{WORD:policy_id} %{CISCO_ACTION:action} %{WORD:protocol} %{DATA:src_interface}/%{IP:src_ip}\\(%{INT:src_port}\\)(\\(%{DATA:src_fwuser}\\))? -> %{DATA:dst_interface}/%{IP:dst_ip}\\(%{INT:dst_port}\\)(\\(%{DATA:src_fwuser}\\))? hit-cnt %{INT:hit_count} %{CISCO_INTERVAL:interval} \\[%{DATA:hashcode1}, %{DATA:hashcode2}\\]", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/firewalls", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:59:57.447000+0000", :message=>"Adding pattern from file", :name=>"CISCOFW110002", :pattern=>"%{CISCO_REASON:reason} for %{WORD:protocol} from %{DATA:src_interface}:%{IP:src_ip}/%{INT:src_port} to %{IP:dst_ip}/%{INT:dst_port}", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/firewalls", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:59:57.449000+0000", :message=>"Adding pattern from file", :name=>"CISCOFW302010", :pattern=>"%{INT:connection_count} in use, %{INT:connection_count_max} most used", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/firewalls", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:59:57.451000+0000", :message=>"Adding pattern from file", :name=>"CISCOFW302013_302014_302015_302016", :pattern=>"%{CISCO_ACTION:action}(?: %{CISCO_DIRECTION:direction})? %{WORD:protocol} connection %{INT:connection_id} for %{DATA:src_interface}:%{IP:src_ip}/%{INT:src_port}( \\(%{IP:src_mapped_ip}/%{INT:src_mapped_port}\\))?(\\(%{DATA:src_fwuser}\\))? to %{DATA:dst_interface}:%{IP:dst_ip}/%{INT:dst_port}( \\(%{IP:dst_mapped_ip}/%{INT:dst_mapped_port}\\))?(\\(%{DATA:dst_fwuser}\\))?( duration %{TIME:duration} bytes %{INT:bytes})?(?: %{CISCO_REASON:reason})?( \\(%{DATA:user}\\))?", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/firewalls", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:59:57.452000+0000", :message=>"Adding pattern from file", :name=>"CISCOFW302020_302021", :pattern=>"%{CISCO_ACTION:action}(?: %{CISCO_DIRECTION:direction})? %{WORD:protocol} connection for faddr %{IP:dst_ip}/%{INT:icmp_seq_num}(?:\\(%{DATA:fwuser}\\))? gaddr %{IP:src_xlated_ip}/%{INT:icmp_code_xlated} laddr %{IP:src_ip}/%{INT:icmp_code}( \\(%{DATA:user}\\))?", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/firewalls", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:59:57.454000+0000", :message=>"Adding pattern from file", :name=>"CISCOFW305011", :pattern=>"%{CISCO_ACTION:action} %{CISCO_XLATE_TYPE:xlate_type} %{WORD:protocol} translation from %{DATA:src_interface}:%{IP:src_ip}(/%{INT:src_port})?(\\(%{DATA:src_fwuser}\\))? to %{DATA:src_xlated_interface}:%{IP:src_xlated_ip}/%{DATA:src_xlated_port}", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/firewalls", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:59:57.456000+0000", :message=>"Adding pattern from file", :name=>"CISCOFW313001_313004_313008", :pattern=>"%{CISCO_ACTION:action} %{WORD:protocol} type=%{INT:icmp_type}, code=%{INT:icmp_code} from %{IP:src_ip} on interface %{DATA:interface}( to %{IP:dst_ip})?", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/firewalls", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:59:57.458000+0000", :message=>"Adding pattern from file", :name=>"CISCOFW313005", :pattern=>"%{CISCO_REASON:reason} for %{WORD:protocol} error message: %{WORD:err_protocol} src %{DATA:err_src_interface}:%{IP:err_src_ip}(\\(%{DATA:err_src_fwuser}\\))? dst %{DATA:err_dst_interface}:%{IP:err_dst_ip}(\\(%{DATA:err_dst_fwuser}\\))? \\(type %{INT:err_icmp_type}, code %{INT:err_icmp_code}\\) on %{DATA:interface} interface\\. Original IP payload: %{WORD:protocol} src %{IP:orig_src_ip}/%{INT:orig_src_port}(\\(%{DATA:orig_src_fwuser}\\))? dst %{IP:orig_dst_ip}/%{INT:orig_dst_port}(\\(%{DATA:orig_dst_fwuser}\\))?", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/firewalls", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:59:57.459000+0000", :message=>"Adding pattern from file", :name=>"CISCOFW402117", :pattern=>"%{WORD:protocol}: Received a non-IPSec packet \\(protocol= %{WORD:orig_protocol}\\) from %{IP:src_ip} to %{IP:dst_ip}", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/firewalls", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:59:57.461000+0000", :message=>"Adding pattern from file", :name=>"CISCOFW402119", :pattern=>"%{WORD:protocol}: Received an %{WORD:orig_protocol} packet \\(SPI= %{DATA:spi}, sequence number= %{DATA:seq_num}\\) from %{IP:src_ip} \\(user= %{DATA:user}\\) to %{IP:dst_ip} that failed anti-replay checking", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/firewalls", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:59:57.463000+0000", :message=>"Adding pattern from file", :name=>"CISCOFW419001", :pattern=>"%{CISCO_ACTION:action} %{WORD:protocol} packet from %{DATA:src_interface}:%{IP:src_ip}/%{INT:src_port} to %{DATA:dst_interface}:%{IP:dst_ip}/%{INT:dst_port}, reason: %{GREEDYDATA:reason}", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/firewalls", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:59:57.464000+0000", :message=>"Adding pattern from file", :name=>"CISCOFW419002", :pattern=>"%{CISCO_REASON:reason} from %{DATA:src_interface}:%{IP:src_ip}/%{INT:src_port} to %{DATA:dst_interface}:%{IP:dst_ip}/%{INT:dst_port} with different initial sequence number", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/firewalls", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:59:57.466000+0000", :message=>"Adding pattern from file", :name=>"CISCOFW500004", :pattern=>"%{CISCO_REASON:reason} for protocol=%{WORD:protocol}, from %{IP:src_ip}/%{INT:src_port} to %{IP:dst_ip}/%{INT:dst_port}", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/firewalls", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:59:57.468000+0000", :message=>"Adding pattern from file", :name=>"CISCOFW602303_602304", :pattern=>"%{WORD:protocol}: An %{CISCO_DIRECTION:direction} %{GREEDYDATA:tunnel_type} SA \\(SPI= %{DATA:spi}\\) between %{IP:src_ip} and %{IP:dst_ip} \\(user= %{DATA:user}\\) has been %{CISCO_ACTION:action}", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/firewalls", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:59:57.470000+0000", :message=>"Adding pattern from file", :name=>"CISCOFW710001_710002_710003_710005_710006", :pattern=>"%{WORD:protocol} (?:request|access) %{CISCO_ACTION:action} from %{IP:src_ip}/%{INT:src_port} to %{DATA:dst_interface}:%{IP:dst_ip}/%{INT:dst_port}", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/firewalls", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:59:57.471000+0000", :message=>"Adding pattern from file", :name=>"CISCOFW713172", :pattern=>"Group = %{GREEDYDATA:group}, IP = %{IP:src_ip}, Automatic NAT Detection Status:\\s+Remote end\\s*%{DATA:is_remote_natted}\\s*behind a NAT device\\s+This\\s+end\\s*%{DATA:is_local_natted}\\s*behind a NAT device", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/firewalls", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:59:57.473000+0000", :message=>"Adding pattern from file", :name=>"CISCOFW733100", :pattern=>"\\[\\s*%{DATA:drop_type}\\s*\\] drop %{DATA:drop_rate_id} exceeded. Current burst rate is %{INT:drop_rate_current_burst} per second, max configured rate is %{INT:drop_rate_max_burst}; Current average rate is %{INT:drop_rate_current_avg} per second, max configured rate is %{INT:drop_rate_max_avg}; Cumulative total count is %{INT:drop_total_count}", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/firewalls", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:59:57.629000+0000", :message=>"Adding pattern from file", :name=>"USERNAME", :pattern=>"[a-zA-Z0-9._-]+", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/grok-patterns", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:59:57.631000+0000", :message=>"Adding pattern from file", :name=>"USER", :pattern=>"%{USERNAME}", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/grok-patterns", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:59:57.633000+0000", :message=>"Adding pattern from file", :name=>"INT", :pattern=>"(?:[+-]?(?:[0-9]+))", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/grok-patterns", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:59:57.634000+0000", :message=>"Adding pattern from file", :name=>"BASE10NUM", :pattern=>"(?<![0-9.+-])(?>[+-]?(?:(?:[0-9]+(?:\\.[0-9]+)?)|(?:\\.[0-9]+)))", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/grok-patterns", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:59:57.636000+0000", :message=>"Adding pattern from file", :name=>"NUMBER", :pattern=>"(?:%{BASE10NUM})", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/grok-patterns", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:59:57.637000+0000", :message=>"Adding pattern from file", :name=>"BASE16NUM", :pattern=>"(?<![0-9A-Fa-f])(?:[+-]?(?:0x)?(?:[0-9A-Fa-f]+))", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/grok-patterns", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:59:57.639000+0000", :message=>"Adding pattern from file", :name=>"BASE16FLOAT", :pattern=>"\\b(?<![0-9A-Fa-f.])(?:[+-]?(?:0x)?(?:(?:[0-9A-Fa-f]+(?:\\.[0-9A-Fa-f]*)?)|(?:\\.[0-9A-Fa-f]+)))\\b", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/grok-patterns", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:59:57.641000+0000", :message=>"Adding pattern from file", :name=>"POSINT", :pattern=>"\\b(?:[1-9][0-9]*)\\b", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/grok-patterns", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:59:57.642000+0000", :message=>"Adding pattern from file", :name=>"NONNEGINT", :pattern=>"\\b(?:[0-9]+)\\b", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/grok-patterns", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:59:57.644000+0000", :message=>"Adding pattern from file", :name=>"WORD", :pattern=>"\\b\\w+\\b", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/grok-patterns", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:59:57.645000+0000", :message=>"Adding pattern from file", :name=>"NOTSPACE", :pattern=>"\\S+", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/grok-patterns", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:59:57.647000+0000", :message=>"Adding pattern from file", :name=>"SPACE", :pattern=>"\\s*", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/grok-patterns", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:59:57.648000+0000", :message=>"Adding pattern from file", :name=>"DATA", :pattern=>".*?", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/grok-patterns", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:59:57.650000+0000", :message=>"Adding pattern from file", :name=>"GREEDYDATA", :pattern=>".*", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/grok-patterns", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:59:57.652000+0000", :message=>"Adding pattern from file", :name=>"QUOTEDSTRING", :pattern=>"(?>(?<!\\\\)(?>\"(?>\\\\.|[^\\\\\"]+)+\"|\"\"|(?>'(?>\\\\.|[^\\\\']+)+')|''|(?>`(?>\\\\.|[^\\\\`]+)+`)|``))", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/grok-patterns", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:59:57.653000+0000", :message=>"Adding pattern from file", :name=>"UUID", :pattern=>"[A-Fa-f0-9]{8}-(?:[A-Fa-f0-9]{4}-){3}[A-Fa-f0-9]{12}", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/grok-patterns", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:59:57.655000+0000", :message=>"Adding pattern from file", :name=>"MAC", :pattern=>"(?:%{CISCOMAC}|%{WINDOWSMAC}|%{COMMONMAC})", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/grok-patterns", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:59:57.656000+0000", :message=>"Adding pattern from file", :name=>"CISCOMAC", :pattern=>"(?:(?:[A-Fa-f0-9]{4}\\.){2}[A-Fa-f0-9]{4})", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/grok-patterns", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:59:57.658000+0000", :message=>"Adding pattern from file", :name=>"WINDOWSMAC", :pattern=>"(?:(?:[A-Fa-f0-9]{2}-){5}[A-Fa-f0-9]{2})", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/grok-patterns", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:59:57.659000+0000", :message=>"Adding pattern from file", :name=>"COMMONMAC", :pattern=>"(?:(?:[A-Fa-f0-9]{2}:){5}[A-Fa-f0-9]{2})", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/grok-patterns", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:59:57.661000+0000", :message=>"Adding pattern from file", :name=>"IPV6", :pattern=>"((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:)))(%.+)?", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/grok-patterns", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:59:57.663000+0000", :message=>"Adding pattern from file", :name=>"IPV4", :pattern=>"(?<![0-9])(?:(?:25[0-5]|2[0-4][0-9]|[0-1]?[0-9]{1,2})[.](?:25[0-5]|2[0-4][0-9]|[0-1]?[0-9]{1,2})[.](?:25[0-5]|2[0-4][0-9]|[0-1]?[0-9]{1,2})[.](?:25[0-5]|2[0-4][0-9]|[0-1]?[0-9]{1,2}))(?![0-9])", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/grok-patterns", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:59:57.664000+0000", :message=>"Adding pattern from file", :name=>"IP", :pattern=>"(?:%{IPV6}|%{IPV4})", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/grok-patterns", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:59:57.666000+0000", :message=>"Adding pattern from file", :name=>"HOSTNAME", :pattern=>"\\b(?:[0-9A-Za-z][0-9A-Za-z-]{0,62})(?:\\.(?:[0-9A-Za-z][0-9A-Za-z-]{0,62}))*(\\.?|\\b)", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/grok-patterns", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:59:57.667000+0000", :message=>"Adding pattern from file", :name=>"HOST", :pattern=>"%{HOSTNAME}", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/grok-patterns", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:59:57.669000+0000", :message=>"Adding pattern from file", :name=>"IPORHOST", :pattern=>"(?:%{HOSTNAME}|%{IP})", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/grok-patterns", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:59:57.670000+0000", :message=>"Adding pattern from file", :name=>"HOSTPORT", :pattern=>"(?:%{IPORHOST=~/\\./}:%{POSINT})", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/grok-patterns", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:59:57.672000+0000", :message=>"Adding pattern from file", :name=>"PATH", :pattern=>"(?:%{UNIXPATH}|%{WINPATH})", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/grok-patterns", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:59:57.673000+0000", :message=>"Adding pattern from file", :name=>"UNIXPATH", :pattern=>"(?>/(?>[\\w_%!$@:.,-]+|\\\\.)*)+", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/grok-patterns", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:59:57.675000+0000", :message=>"Adding pattern from file", :name=>"TTY", :pattern=>"(?:/dev/(pts|tty([pq])?)(\\w+)?/?(?:[0-9]+))", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/grok-patterns", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:59:57.676000+0000", :message=>"Adding pattern from file", :name=>"WINPATH", :pattern=>"(?>[A-Za-z]+:|\\\\)(?:\\\\[^\\\\?*]*)+", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/grok-patterns", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:59:57.678000+0000", :message=>"Adding pattern from file", :name=>"URIPROTO", :pattern=>"[A-Za-z]+(\\+[A-Za-z+]+)?", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/grok-patterns", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:59:57.679000+0000", :message=>"Adding pattern from file", :name=>"URIHOST", :pattern=>"%{IPORHOST}(?::%{POSINT:port})?", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/grok-patterns", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:59:57.681000+0000", :message=>"Adding pattern from file", :name=>"URIPATH", :pattern=>"(?:/[A-Za-z0-9$.+!*'(){},~:;=@#%_\\-]*)+", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/grok-patterns", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:59:57.682000+0000", :message=>"Adding pattern from file", :name=>"URIPARAM", :pattern=>"\\?[A-Za-z0-9$.+!*'|(){},~@#%&/=:;_?\\-\\[\\]]*", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/grok-patterns", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:59:57.684000+0000", :message=>"Adding pattern from file", :name=>"URIPATHPARAM", :pattern=>"%{URIPATH}(?:%{URIPARAM})?", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/grok-patterns", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:59:57.686000+0000", :message=>"Adding pattern from file", :name=>"URI", :pattern=>"%{URIPROTO}://(?:%{USER}(?::[^@]*)?@)?(?:%{URIHOST})?(?:%{URIPATHPARAM})?", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/grok-patterns", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:59:57.687000+0000", :message=>"Adding pattern from file", :name=>"MONTH", :pattern=>"\\b(?:Jan(?:uary)?|Feb(?:ruary)?|Mar(?:ch)?|Apr(?:il)?|May|Jun(?:e)?|Jul(?:y)?|Aug(?:ust)?|Sep(?:tember)?|Oct(?:ober)?|Nov(?:ember)?|Dec(?:ember)?)\\b", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/grok-patterns", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:59:57.689000+0000", :message=>"Adding pattern from file", :name=>"MONTHNUM", :pattern=>"(?:0?[1-9]|1[0-2])", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/grok-patterns", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:59:57.690000+0000", :message=>"Adding pattern from file", :name=>"MONTHDAY", :pattern=>"(?:(?:0[1-9])|(?:[12][0-9])|(?:3[01])|[1-9])", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/grok-patterns", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:59:57.692000+0000", :message=>"Adding pattern from file", :name=>"DAY", :pattern=>"(?:Mon(?:day)?|Tue(?:sday)?|Wed(?:nesday)?|Thu(?:rsday)?|Fri(?:day)?|Sat(?:urday)?|Sun(?:day)?)", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/grok-patterns", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:59:57.693000+0000", :message=>"Adding pattern from file", :name=>"YEAR", :pattern=>"(?>\\d\\d){1,2}", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/grok-patterns", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:59:57.695000+0000", :message=>"Adding pattern from file", :name=>"HOUR", :pattern=>"(?:2[0123]|[01]?[0-9])", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/grok-patterns", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:59:57.696000+0000", :message=>"Adding pattern from file", :name=>"MINUTE", :pattern=>"(?:[0-5][0-9])", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/grok-patterns", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:59:57.698000+0000", :message=>"Adding pattern from file", :name=>"SECOND", :pattern=>"(?:(?:[0-5][0-9]|60)(?:[:.,][0-9]+)?)", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/grok-patterns", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:59:57.936000+0000", :message=>"Adding pattern from file", :name=>"TIME", :pattern=>"(?!<[0-9])%{HOUR}:%{MINUTE}(?::%{SECOND})(?![0-9])", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/grok-patterns", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:59:57.938000+0000", :message=>"Adding pattern from file", :name=>"DATE_US", :pattern=>"%{MONTHNUM}[/-]%{MONTHDAY}[/-]%{YEAR}", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/grok-patterns", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:59:57.939000+0000", :message=>"Adding pattern from file", :name=>"DATE_EU", :pattern=>"%{MONTHDAY}[./-]%{MONTHNUM}[./-]%{YEAR}", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/grok-patterns", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:59:57.941000+0000", :message=>"Adding pattern from file", :name=>"ISO8601_TIMEZONE", :pattern=>"(?:Z|[+-]%{HOUR}(?::?%{MINUTE}))", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/grok-patterns", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:59:57.946000+0000", :message=>"Adding pattern from file", :name=>"ISO8601_SECOND", :pattern=>"(?:%{SECOND}|60)", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/grok-patterns", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:59:57.947000+0000", :message=>"Adding pattern from file", :name=>"TIMESTAMP_ISO8601", :pattern=>"%{YEAR}-%{MONTHNUM}-%{MONTHDAY}[T ]%{HOUR}:?%{MINUTE}(?::?%{SECOND})?%{ISO8601_TIMEZONE}?", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/grok-patterns", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:59:57.949000+0000", :message=>"Adding pattern from file", :name=>"DATE", :pattern=>"%{DATE_US}|%{DATE_EU}", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/grok-patterns", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:59:57.951000+0000", :message=>"Adding pattern from file", :name=>"DATESTAMP", :pattern=>"%{DATE}[- ]%{TIME}", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/grok-patterns", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:59:57.953000+0000", :message=>"Adding pattern from file", :name=>"TZ", :pattern=>"(?:[PMCE][SD]T|UTC)", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/grok-patterns", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:59:57.955000+0000", :message=>"Adding pattern from file", :name=>"DATESTAMP_RFC822", :pattern=>"%{DAY} %{MONTH} %{MONTHDAY} %{YEAR} %{TIME} %{TZ}", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/grok-patterns", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:59:57.956000+0000", :message=>"Adding pattern from file", :name=>"DATESTAMP_OTHER", :pattern=>"%{DAY} %{MONTH} %{MONTHDAY} %{TIME} %{TZ} %{YEAR}", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/grok-patterns", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:59:57.958000+0000", :message=>"Adding pattern from file", :name=>"SYSLOGTIMESTAMP", :pattern=>"%{MONTH} +%{MONTHDAY} %{TIME}", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/grok-patterns", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:59:57.959000+0000", :message=>"Adding pattern from file", :name=>"PROG", :pattern=>"(?:[\\w._/%-]+)", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/grok-patterns", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:59:57.960000+0000", :message=>"Adding pattern from file", :name=>"SYSLOGPROG", :pattern=>"%{PROG:program}(?:\\[%{POSINT:pid}\\])?", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/grok-patterns", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:59:57.962000+0000", :message=>"Adding pattern from file", :name=>"SYSLOGHOST", :pattern=>"%{IPORHOST}", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/grok-patterns", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:59:57.963000+0000", :message=>"Adding pattern from file", :name=>"SYSLOGFACILITY", :pattern=>"<%{NONNEGINT:facility}.%{NONNEGINT:priority}>", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/grok-patterns", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:59:57.965000+0000", :message=>"Adding pattern from file", :name=>"HTTPDATE", :pattern=>"%{MONTHDAY}/%{MONTH}/%{YEAR}:%{TIME} %{INT}", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/grok-patterns", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:59:57.966000+0000", :message=>"Adding pattern from file", :name=>"QS", :pattern=>"%{QUOTEDSTRING}", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/grok-patterns", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:59:57.968000+0000", :message=>"Adding pattern from file", :name=>"SYSLOGBASE", :pattern=>"%{SYSLOGTIMESTAMP:timestamp} (?:%{SYSLOGFACILITY} )?%{SYSLOGHOST:logsource} %{SYSLOGPROG}:", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/grok-patterns", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:59:57.969000+0000", :message=>"Adding pattern from file", :name=>"COMMONAPACHELOG", :pattern=>"%{IPORHOST:clientip} %{USER:ident} %{USER:auth} \\[%{HTTPDATE:timestamp}\\] \"(?:%{WORD:verb} %{NOTSPACE:request}(?: HTTP/%{NUMBER:httpversion})?|%{DATA:rawrequest})\" %{NUMBER:response} (?:%{NUMBER:bytes}|-)", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/grok-patterns", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:59:57.970000+0000", :message=>"Adding pattern from file", :name=>"COMBINEDAPACHELOG", :pattern=>"%{COMMONAPACHELOG} %{QS:referrer} %{QS:agent}", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/grok-patterns", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:59:57.972000+0000", :message=>"Adding pattern from file", :name=>"LOGLEVEL", :pattern=>"([A-a]lert|ALERT|[T|t]race|TRACE|[D|d]ebug|DEBUG|[N|n]otice|NOTICE|[I|i]nfo|INFO|[W|w]arn?(?:ing)?|WARN?(?:ING)?|[E|e]rr?(?:or)?|ERR?(?:OR)?|[C|c]rit?(?:ical)?|CRIT?(?:ICAL)?|[F|f]atal|FATAL|[S|s]evere|SEVERE|EMERG(?:ENCY)?|[Ee]merg(?:ency)?)", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/grok-patterns", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:59:58.122000+0000", :message=>"Adding pattern from file", :name=>"HAPROXYTIME", :pattern=>"(?!<[0-9])%{HOUR:haproxy_hour}:%{MINUTE:haproxy_minute}(?::%{SECOND:haproxy_second})(?![0-9])", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/haproxy", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:59:58.124000+0000", :message=>"Adding pattern from file", :name=>"HAPROXYDATE", :pattern=>"%{MONTHDAY:haproxy_monthday}/%{MONTH:haproxy_month}/%{YEAR:haproxy_year}:%{HAPROXYTIME:haproxy_time}.%{INT:haproxy_milliseconds}", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/haproxy", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:59:58.125000+0000", :message=>"Adding pattern from file", :name=>"HAPROXYCAPTUREDREQUESTHEADERS", :pattern=>"%{DATA:captured_request_headers}", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/haproxy", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:59:58.127000+0000", :message=>"Adding pattern from file", :name=>"HAPROXYCAPTUREDRESPONSEHEADERS", :pattern=>"%{DATA:captured_response_headers}", :path=>"file:/usr/share/logstash/logstash-1.3.3-flatjar.jar!/patterns/haproxy", :level=>:debug, :file=>"/usr/share/logstash/logstash-1.3.3-flatjar.jar!/logstash/filters/grok.rb", :line=>"417"}
{:timestamp=>"2014-04-30T09:59:58.129000+0000", :message=>"Adding pattern from file", :name=>"HAPROXYHTTP", :pattern=>"%{SYSLOGTIMESTAMP:syslog_timestamp} %{IPORHOST:syslog_server} %{SYSLOGPROG}: %{IP:client_ip}:%{INT:client_port} \\[%{HAPROXYDATE:accept_
|
