I can't make multiple grok filters work for a file type


(Raphaelk) #1

Hi,
I'm on my way to parsing a Cisco PIX 515 log. In the log file, there are 3 kinds of lines I would like to parse. My grok filters are working individually. I tested them with the grokdebugger. But as soon as I put them together in my config file, nothing is sent to elasticsearch. I'm using logstash 1.4.2, on ubuntu 14.04, with java version "1.7.0_79".

Below is my config file (CISCO_NAT_OUTGOING_TCP, CISCO_NAT_INCOMING_DETAIL and CISCO_NAT_OUTGOING_DETAIL are defined in the pattern file):

    input {
      file {
        path => "/var/log/pix-*.log"
        type => "Pix"
      }
    }

    filter {
      if [type] == "Pix" {
        grok {
          match => ["message", "%{CISCO_NAT_OUTGOING_TCP}"]
          add_tag => ["main-firewall", "Pix"]
          patterns_dir => ["/opt/logstash/patterns/pix"]
        }
      }

      if [type] == "Pix" {
        grok {
          match => ["message", "%{CISCO_NAT_INCOMING_DETAIL}"]
          add_tag => ["main-firewall", "Pix-input"]
          patterns_dir => ["/opt/logstash/patterns/pix"]
        }
      }

      if [type] == "Pix" {
        grok {
          match => ["message", "%{CISCO_NAT_OUTGOING_DETAIL}"]
          add_tag => ["main-firewall", "Pix-output"]
          patterns_dir => ["/opt/logstash/patterns/pix"]
        }
      }

      # every grok that does not match tags the event, so the event is dropped here
      if "_grokparsefailure" in [tags] {
        drop { }
      }
    }

    output {
      stdout { }
      elasticsearch {
        cluster => "elasticsearch-cluster-name"
      }
    }

Any idea?


(Mark Walkom) #2

Try this instead:

    match => ["message", "%{CISCO_NAT_OUTGOING_TCP}", "%{CISCO_NAT_INCOMING_DETAIL}", "%{CISCO_NAT_OUTGOING_DETAIL}"]

Or try using elseif's for the other two conditionals.


(Raphaelk) #3

Hi Mark, thanks for your answer.
The

    match => ["message", "%{OUTGOING}"]
    match => ["message", "%{INCOMING}"]

way works, thanks!

But how can I add a tag like "OUTGOING" for the first match and "INCOMING" for the second this way?
Because the elseif syntax won't match as I make some tests on the file type "PIX".

Regards !
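One way to get a per-pattern tag out of Mark's single-grok approach, as an added example that is not part of the thread and not code from the original poster or from the Logstash project: give each pattern in the `match` array a capture name (`%{PATTERN:field}` stores the whole sub-match in `field`), then tag on whichever field ended up set. Because `break_on_match` defaults to true, only the first matching pattern fires, so at most one of the three marker fields exists. The marker field names (`pix_out_tcp`, `pix_in_detail`, `pix_out_detail`) and the tag values are assumptions made here; the pattern names and paths are the ones from the question. Only one grok runs per event, so an event that matches any of the three patterns never carries `_grokparsefailure`, which is why the original config (three independent groks, each tagging its own miss) dropped everything.

```conf
input {
  file {
    path => "/var/log/pix-*.log"
    type => "Pix"
  }
}

filter {
  if [type] == "Pix" {
    # One grok, three alternatives: the first pattern that matches wins
    # (break_on_match is true by default) and fills exactly one marker field.
    grok {
      patterns_dir => ["/opt/logstash/patterns/pix"]
      match => ["message",
                "%{CISCO_NAT_OUTGOING_TCP:pix_out_tcp}",
                "%{CISCO_NAT_INCOMING_DETAIL:pix_in_detail}",
                "%{CISCO_NAT_OUTGOING_DETAIL:pix_out_detail}"]
      add_tag => ["main-firewall"]
    }

    # Tag according to which marker field the grok populated, then drop the
    # marker itself so the whole line is not stored twice. (Field and tag
    # names here are assumptions for this example.)
    if [pix_out_tcp] {
      mutate {
        add_tag => ["OUTGOING"]
        remove_field => ["pix_out_tcp"]
      }
    } else if [pix_in_detail] {
      mutate {
        add_tag => ["INCOMING"]
        remove_field => ["pix_in_detail"]
      }
    } else if [pix_out_detail] {
      mutate {
        add_tag => ["OUTGOING"]
        remove_field => ["pix_out_detail"]
      }
    }

    # Only lines that matched none of the three patterns reach this point.
    if "_grokparsefailure" in [tags] {
      drop { }
    }
  }
}

output {
  stdout { }
  elasticsearch {
    cluster => "elasticsearch-cluster-name"
  }
}
```

The `if [type] == "Pix"` test wraps the whole chain once, so the `else if` branches compare marker fields rather than the type, which is what made a plain `elseif` on `[type]` unusable in the original layout. Before dropping unmatched lines in production, consider routing them to stdout for a while instead of `drop { }`, so a pattern that silently stops matching a new PIX message format is noticed rather than discarded.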

