I would like to ask whether anyone uses Grok log parsing for stunnel and, if so, what kind of filter statements you are using.
At the moment I've just created 2 parsers:
STUNNEL_AcceptedConnectionParser
%{date("yyyy.MM.dd HH:mm:ss"):date} LOG%{integer:loglevel}\[%{integer:session_id}\]: Service \[%{word:csb_name}-%{word:csb_port}\] accepted connection from %{ipv4:caller_ip}:%{port:caller_port}
and
STUNNEL_ConnectionClosedParser
%{date("yyyy.MM.dd HH:mm:ss"):date} LOG%{integer:loglevel}\[%{integer:session_id}\]: Connection closed: %{integer:byte_tx} byte\(s\) sent to SSL, %{integer:byte_rx} byte\(s\) sent to socket
I'm new to Grok and everything related to log matching and parsing, so I think there will be a much better solution than mine; unfortunately, Google hasn't helped this time.
Thank you so much to all those who will help me with this stuff!
Manuele
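
As an added example (not part of the original post), the two rules above can be checked offline by re-expressing them as Python regular expressions and pairing each "Connection closed" event with its "accepted connection" event by session_id. The field names are the post's own; the function names and the sample log lines are constructed for illustration.

```python
import re
from datetime import datetime

# Prefix shared by both rules: "yyyy.MM.dd HH:mm:ss LOG<level>[<session_id>]: "
PREFIX = (r"(?P<date>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) "
          r"LOG(?P<loglevel>\d+)\[(?P<session_id>\d+)\]: ")
# Literal [ ] ( ) must be escaped, otherwise they act as regex syntax.
ACCEPTED = re.compile(
    PREFIX + r"Service \[(?P<csb_name>\w+)-(?P<csb_port>\w+)\] accepted connection "
    r"from (?P<caller_ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<caller_port>\d{1,5})$")
CLOSED = re.compile(
    PREFIX + r"Connection closed: (?P<byte_tx>\d+) byte\(s\) sent to SSL, "
    r"(?P<byte_rx>\d+) byte\(s\) sent to socket$")
INT_FIELDS = {"loglevel", "session_id", "caller_port", "byte_tx", "byte_rx"}

def parse_line(line):
    """Return (event, fields) for a line matching either rule, else None."""
    for event, rx in (("accepted", ACCEPTED), ("closed", CLOSED)):
        m = rx.match(line.strip())
        if m:
            f = {k: int(v) if k in INT_FIELDS else v for k, v in m.groupdict().items()}
            f["date"] = datetime.strptime(f["date"], "%Y.%m.%d %H:%M:%S")
            return event, f
    return None

def summarize(lines):
    """Pair each 'closed' event with its 'accepted' event by session_id."""
    pending, done = {}, []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # lines that neither rule covers are skipped
        event, f = parsed
        if event == "accepted":
            pending[f["session_id"]] = f
        elif f["session_id"] in pending:
            start = pending.pop(f["session_id"])
            done.append({"service": start["csb_name"], "caller_ip": start["caller_ip"],
                         "seconds": (f["date"] - start["date"]).total_seconds(),
                         "byte_tx": f["byte_tx"], "byte_rx": f["byte_rx"]})
    return done

# Constructed sample lines, shaped to match the two rules in the post.
SAMPLE = [
    "2024.03.01 10:15:02 LOG5[7]: Service [imaps-993] accepted connection from 192.0.2.10:51234",
    "2024.03.01 10:15:03 LOG6[7]: a line that neither rule matches",
    "2024.03.01 10:15:09 LOG5[7]: Connection closed: 1530 byte(s) sent to SSL, 412 byte(s) sent to socket",
]

if __name__ == "__main__":
    for row in summarize(SAMPLE):
        print(row)
```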