##############################################
# Configuration for the Prelude LML Sensor   #
##############################################

[Prelude LML]

# Address the Prelude Manager server is listening on.
# If the value is "127.0.0.1", the connection is made through
# a UNIX socket.
#
# This entry is disabled. The default is to use the entry
# located in sensors-default.conf. You may override the
# default address for this sensor by uncommenting this entry.
#
# NOTE(review): this entry and the ruleset entry below end with ';'
# while the file/rotation-interval entries do not. Confirm the parser
# strips the trailing ';' rather than treating it as part of the value.
#
# manager-addr = 127.0.0.1;


# Configuration for the UDP message receiver.
# Commented out by default since most people only want to
# monitor files.
#
# If enabled as written, addr = 0.0.0.0 listens on every interface.
# Syslog over UDP carries no sender authentication, so any host that
# can reach the port can inject log lines that the rules will evaluate.
# Prefer binding to the specific address that receives logs and
# restrict the port to known log sources with a packet filter.
#
# [Udp-Srvr]
#
# port = 514
# addr = 0.0.0.0


#
# Files to monitor.
# The key is repeated, one path per line (presumably each line adds
# a monitored file; confirm against the parser's duplicate-key handling).
# The sensor account needs read access to every file listed here; grant
# it through group membership rather than by loosening the log files'
# permissions.
#
file = /var/log/auth.log
file = /var/log/messages

#
# Specifies the maximum difference, in seconds, between
# the interval of two logfiles' rotation. If this difference
# is reached, a high severity alert will be emitted.
#
# NOTE(review): unit is seconds (3600 = one hour). Check the value
# against the host's actual log rotation schedule so that routine
# rotation does not raise the high severity alert.
#
rotation-interval = 3600


####################################
# Plugin configuration starts here #
####################################

# Rule-matching plugin. @configdir@ looks like a build-time placeholder
# that is replaced with the installed configuration directory (confirm).
# The ruleset decides which log entries raise alerts, so the file and
# its directory should be writable only by the administrator.
[SimpleMod]
ruleset=@configdir@/ruleset/simple.rules;

# [Debug]
#
# This plugin issues an alert for each packet.
# Be careful about the logging activity it generates.