{
    "processors": [
        {
    "grok" : {
      "field" : "message",
      "patterns" : [
        "%{LOGDATE:f2b.log_datetime} %{F2BSERVICE} (\\s.*)\\[%{POSINT:f2b.pid}\\]: %{SEVERITY:f2b.severity} (\\s.*)\\[%{DATA:f2b.iptables_chain}\\] %{F2BMESSAGE}"
      ],
      "pattern_definitions" : {
        "REASON" : "(?:.+)",
        "SEVERITY" : "(?:.+)",
        "F2BSERVICE" : "%{WORD}.%{WORD:f2b.service}",
        "F2BACTION" : "%{GREEDYDATA:f2b.action}",
        "F2BMESSAGE" : "(%{F2BACTION} %{IP:f2b.remote_ip})|(%{IP:f2b.remote_ip} %{F2BACTION})",
        "LOGDATE" : "20%{YEAR}-%{MONTHNUM}-%{MONTHDAY} %{TIME}"
      },
      "ignore_failure" : true
    }
  }
    ]
}