Laravel Logs to Logstash

logstash.conf

input {
    lumberjack {
        port => 5000
        type => "logs"
        ssl_certificate => "/shared/logstash-certs/logstash-forwarder.crt"
        ssl_key => "/shared/logstash-certs/logstash-forwarder.key"
    }
}

## Add your filters here
output {
    elasticsearch { }
}

filter {
    # Laravel log files
    if [type] == "laravel" {
        grok {
            match => { "message" => "%{TIMESTAMP_ISO8601:timestamp} %{DATA:environment}\.%{LOGLEVEL:severity}: %{GREEDYDATA:message}" }
        }

        multiline {
            pattern => "^\["
            what => "previous"
            negate => true
        }
    }


    # Syslog Messages
    if [type] == "syslog" {
        grok {
            match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}" }
            add_field => [ "received_at", "%{@timestamp}" ]
            add_field => [ "received_from", "%{host}" ]
        }
        syslog_pri { }
        date {
            match => [ "syslog_timestamp", "MMM  d HH:mm:ss", "MMM dd HH:mm:ss" ]
        }
    }
}

logstash_forwarder.conf

{
    "network": {
        "servers": [ "hostname.tld:5000" ],
        "timeout": 15,
        "ssl ca": "/etc/pki/tls/certs/logstash-forwarder.crt"
    },
    "files": [
    {
        "paths": [
            "/var/log/testlog"
        ],
        "fields": { "type": "laravel", "app": "test-app" },
        "tags": [ "multiline" ]
    },
    {
        "paths": [
            "/var/log/syslog"
        ],
        "fields": { "type": "syslog" }
    }
    ]
}

test_log

[2015-10-22 13:31:56] local.ERROR: exception 'ReflectionException' with message 'Class App\Console\Commands\TestLog does not exist' in /Users/scott/Downloads/tmp/logstash-test/vendor/laravel/framework/src/Illuminate/Container/Container.php:737
Stack trace:
#0 /Users/scott/Downloads/tmp/logstash-test/vendor/laravel/framework/src/Illuminate/Container/Container.php(737): ReflectionClass->__construct('App\\Console\\Com...')
#1 /Users/scott/Downloads/tmp/logstash-test/vendor/laravel/framework/src/Illuminate/Container/Container.php(627): Illuminate\Container\Container->build('App\\Console\\Com...', Array)
#2 /Users/scott/Downloads/tmp/logstash-test/vendor/laravel/framework/src/Illuminate/Foundation/Application.php(674): Illuminate\Container\Container->make('App\\Console\\Com...', Array)
#3 /Users/scott/Downloads/tmp/logstash-test/vendor/laravel/framework/src/Illuminate/Console/Application.php(109): Illuminate\Foundation\Application->make('App\\Console\\Com...')
#4 /Users/scott/Downloads/tmp/logstash-test/vendor/laravel/framework/src/Illuminate/Console/Application.php(123): Illuminate\Console\Application->resolve('App\\Console\\Com...')
#5 /Users/scott/Downloads/tmp/logstash-test/vendor/laravel/framework/src/Illuminate/Foundation/Console/Kernel.php(226): Illuminate\Console\Application->resolveCommands(Array)
#6 /Users/scott/Downloads/tmp/logstash-test/vendor/laravel/framework/src/Illuminate/Foundation/Console/Kernel.php(107): Illuminate\Foundation\Console\Kernel->getArtisan()
#7 /Users/scott/Downloads/tmp/logstash-test/artisan(36): Illuminate\Foundation\Console\Kernel->handle(Object(Symfony\Component\Console\Input\ArgvInput), Object(Symfony\Component\Console\Output\ConsoleOutput))
#8 {main}
[2015-10-22 13:41:16] local.DEBUG: I'm a debug message
[2015-10-22 13:41:16] local.INFO: I am an info message
[2015-10-22 13:41:16] local.NOTICE: I am a notice message
[2015-10-22 13:41:16] local.WARNING: I am a warning message
[2015-10-22 13:41:16] local.ERROR: I am an ERROR
[2015-10-22 13:41:16] local.CRITICAL: Seriously bad error message
[2015-10-22 13:41:16] local.ALERT: I am an alert