Logstash : Cant filter syslog from Pfsense firewall

hi everyone,
i have an hard time filtering logs comming from a pfsense firewall
i tried a lot of filters and groks but nothing's working
it seems that logstash isnt reading filters or something
doesnt any one have an idea how to fix that?

here is my filter file

filter {
if [type] == "syslog" {

#change to pfSense ip address
if [host] =~ /172\.16\.52\.250/ {
  mutate {
    add_tag => ["PFSense", "Ready"]
  }
}

if "Ready" not in [tags] {
  mutate {
    add_tag => [ "syslog" ]
  }
}

}
}

filter {
if [type] == "syslog" {
mutate {
remove_tag => "Ready"
}
}
}

filter {
if "syslog" in [tags] {
grok {
match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:[%{POSINT:syslog_pid}])?: %{GREEDYDATA:syslog_message}" }
add_field => [ "received_at", "%{@timestamp}" ]
add_field => [ "received_from", "%{host}" ]
}
syslog_pri { }
date {
match => [ "syslog_timestamp", "MMM d HH:mm:ss", "MMM dd HH:mm:ss" ]
locale => "en"
}

if !("_grokparsefailure" in [tags]) {
  mutate {
    replace => [ "@source_host", "%{syslog_hostname}" ]
    replace => [ "@message", "%{syslog_message}" ]
  }
}

mutate {
  remove_field => [ "syslog_hostname", "syslog_message", "syslog_timestamp" ]
}

if "_grokparsefailure" in [tags] {

drop { }

}

}
}

BTW: the config is not returning any errors, the logs are recieved by Graylog2 but not filtered and parsed
here is an exemple

<14>Nov 17 14:35:53 172.16.52.250 id=firewall time="2016-11-17 14:50:48" fw="cbv-fw02" tz=+0100 startime="2016-11-17 14:48:48" pri=5 confid=01 slotlevel=2 ruleid=45 srcif="Ethernet1" srcifname="production" ipproto=udp dstif="Vlan2" dstifname="INTERCOFW" proto=dns src=10.56.130.9 srcport=49286 srcportname=ephemeral_fw_udp srcname=H_CBV-DC02 dst=192.168.204.1 dstport=53 dstportname=dns_udp dstname=cbv-fw01.production.infra modsrc=10.56.130.9 modsrcport=49286 origdst=192.168.204.1 origdstport=53 sent=52 rcvd=204 duration=0.00 logtype="connection"#015#012#000 info

cheers

For best chances of getting an answer to your question, please edit your post and move it to the Logstash category.

You aren't seeing any errors because you are dropping the event if there is a grokparsefailure.

Comment out:

and you'll start seeing the errors.
Then start by stepping through your match statement to figure out the right way to parse it.

This might be a good place to use the key pair plugin to reduce your effort.
https://www.elastic.co/guide/en/logstash/current/plugins-filters-kv.html