diff --git a/patterns/citrixadc b/patterns/citrixadc
new file mode 100644
index 00000000..74504f96
--- /dev/null
+++ b/patterns/citrixadc
@@ -0,0 +1 @@
+CITRIXADC_LOG %{SYSLOG5424PRI:citrixadc_syslog5424pri} %{DATE:citrixadc_date}:%{TIME:citrixadc_time} %{NOTSPACE:citrixadc_hostname} %{NOTSPACE:citrixadc_packetengine} : %{WORD} %{WORD:citrixadc_module} %{WORD:citrixadc_eventtype} %{WORD:citrixadc_eventid} \d : %{GREEDYDATA:citrixadc_message}
\ No newline at end of file
diff --git a/spec/patterns/citrixadc_spec.rb b/spec/patterns/citrixadc_spec.rb
new file mode 100644
index 00000000..1679f6e4
--- /dev/null
+++ b/spec/patterns/citrixadc_spec.rb
@@ -0,0 +1,20 @@
+# encoding: utf-8
+require "spec_helper"
+require "logstash/patterns/core"
+
+describe "CIRIXADC" do
+
+ let(:citrixadc_pattern) { "CITRIXADC_LOG" }
+
+ context "Parsing Citrix ADC log line from raw syslog line" do
+
+ let(:value) { '"<134> 08/02/2020:14:53:24 vpx 0-PPE-0 : default CLI CMD_EXECUTED 1488010 0 : User nsroot - Remote_ip 192.168.0.1 - Command \"save ns config\" - Status \"Success\"\n"' }
+ subject { grok_match(citrixadc_pattern, value) }
+
+ it { should include("citrixadc_hostname" => "vpx") }
+ it { should include("citrixadc_module" => "CLI") }
+ it { should include("citrixadc_eventtype" => "CMD_EXECUTED") }
+
+ end
+
+end
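Review bot: The `\d` between `%{WORD:citrixadc_eventid}` and the second ` : ` matches exactly one digit, so if that position can ever carry a multi-digit value the whole line fails to match and is silently tagged with a grok parse failure rather than partially parsed; unless the format guarantees a single digit, `\d+` (or a named `%{INT:...}` capture) is the safer choice. The unnamed `%{WORD}` before `citrixadc_module` consumes the token shown as `default` in the accompanying fixture but discards it; if that token is the admin partition, naming it (e.g. `%{WORD:citrixadc_partition}`) keeps a value that is useful when correlating events across partitions. Also worth a brief header comment in the pattern file stating which Citrix ADC syslog shape it targets (the `<pri> date:time host PPE : partition MODULE EVENT ID n : message` layout the fixture shows), since `DATE`/`TIME` are broad patterns and a reader cannot otherwise tell which field order is intended.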
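Review bot: The fixture in `let(:value)` is not a real log line: it is single-quoted, so the leading `"`, the `\"` sequences and the trailing `\n"` are literal characters fed to grok, and the test only passes because the match is presumably unanchored and `%{GREEDYDATA:citrixadc_message}` swallows the trailing artefacts. Use the bare line instead, `let(:value) { '<134> 08/02/2020:14:53:24 vpx 0-PPE-0 : default CLI CMD_EXECUTED 1488010 0 : User nsroot - Remote_ip 192.168.0.1 - Command "save ns config" - Status "Success"' }`, so the spec reflects what the appliance actually emits. The expectations cover only hostname, module and event type, so a regression in the message or event-id capture would go unnoticed; adding `it { should include("citrixadc_eventid" => "1488010") }` and an `include("citrixadc_message" => ...)` check for the trailing text would pin the parts of the pattern most likely to be consumed downstream. The `describe "CIRIXADC"` label is also misspelled and should read `"CITRIXADC"` to match the pattern name.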