$OpenBSD: patch-prelude-lml_conf_in,v 1.5 2007/05/26 01:14:33 aanriot Exp $
--- prelude-lml.conf.in.orig	Thu May 17 13:26:01 2007
+++ prelude-lml.conf.in	Thu May 17 13:30:09 2007
@@ -49,11 +49,27 @@ include = @LIBPRELUDE_CONFIG_PREFIX@/default/idmef-cli
 #
 # Example: file = /var/log/*/*.log
 
+[format=syslog]
+time-format = "%b %d %H:%M:%S"
+prefix-regex = "^(?P<timestamp>.{15}) (?P<hostname>\S+) (?:(?P<process>\S+?)(?:\[(?P<pid>[0-9]+)\])?: )?"
+file = /var/log/authlog
+# udp-server = 0.0.0.0
 
+[format=syslog]
+time-format = "%b %d %H:%M:%S"
+prefix-regex = "^(?P<timestamp>.{15}) (?P<hostname>\S+) (?:(?P<process>\S+?)(?:\[(?P<pid>[0-9]+)\])?: )?"
+file = /var/log/daemon
+# udp-server = 0.0.0.0
 
 [format=syslog]
-time-format = "%b %d %H:%M:%S" 
+time-format = "%b %d %H:%M:%S"
 prefix-regex = "^(?P<timestamp>.{15}) (?P<hostname>\S+) (?:(?P<process>\S+?)(?:\[(?P<pid>[0-9]+)\])?: )?"
+file = /var/log/maillog
+# udp-server = 0.0.0.0
+
+[format=syslog]
+time-format = "%b %d %H:%M:%S"
+prefix-regex = "^(?P<timestamp>.{15}) (?P<hostname>\S+) (?:(?P<process>\S+?)(?:\[(?P<pid>[0-9]+)\])?: )?"
 file = /var/log/messages
 # udp-server = 0.0.0.0
 
@@ -61,10 +77,10 @@ file = /var/log/messages
 #
 # Sample configuration for metalog:
 #
-[format=metalog]
-prefix-regex = "^(?P<timestamp>.{15}) \[(?P<process>\S+)\] "
-time-format = "%b %d %H:%M:%S" 
-file = /var/log/everything/current
+# [format=metalog]
+# prefix-regex = "^(?P<timestamp>.{15}) \[(?P<process>\S+)\] "
+# time-format = "%b %d %H:%M:%S" 
+# file = /var/log/everything/current
 # udp-server = 0.0.0.0
 
 
@@ -74,8 +90,12 @@ file = /var/log/everything/current
 [format=apache]
 time-format = "%d/%b/%Y:%H:%M:%S"
 prefix-regex = "^(?P<hostname>\S+) - - \[(?P<timestamp>.{20}) \[+-].{4}\] "
-file = /var/log/apache2/access_log
+file = /var/www/logs/access_log
 
+[format=apache-error]
+time-format = "%a %b %d %H:%M:%S %Y"
+prefix-regex = "^\[(?P<timestamp>.{24})\]"
+file = /var/www/logs/error_log
 
 #
 # Specifies the maximum difference, in seconds, between
