I would ask if someone use Grok log parsing for stunnel and, if yes, what kind of filter statement are you using? At the moment I've just created 2 parser: STUNNEL_AcceptedConnectionParser %{date("yyyy.MM.dd HH:mm:ss"):date} LOG%{integer:loglevel}\[%{integer:session_id}\]\: Service \[%{word:csb_name}\-%{word:csb_port}\] accepted connection from %{ipv4:caller_ip}\:%{port:caller_port} and STUNNEL_ConnectionClosedParser %{date("yyyy.MM.dd HH:mm:ss"):date} LOG%{integer:loglevel}\[%{integer:session_id}\]\: Connection closed\: %{integer:byte_tx} byte\(s\) sent to SSL\, %{integer:byte_rx} byte\(s\) sent to socket I'm new with Grok and all the things related to log match-and-parse, so I think that there will be a much better solution than mine, anyway Google this time doesn't help unfortunately. Thank you so much to all those who will help me with this stuff! Manuele