##############################################
# Configuration for the Prelude LML Sensor   #
##############################################

# Address where the Prelude Manager Server is listening on.
# If the value is "127.0.0.1", the connection will occur through
# a UNIX socket.
#
# This entry is disabled. The default is to use the entry
# located in sensors-default.conf... You may overwrite the
# default address for this sensor by uncommenting this entry.
#
# manager-addr = 127.0.0.1


# Configuration for the UDP message receiver.
# Commented out by default since most people only want to
# monitor files.
#
# Security note: syslog over UDP carries no sender authentication,
# so any host able to reach this port can submit log lines that the
# rulesets will evaluate (forged events, alert flooding). With
# addr = 0.0.0.0 the receiver listens on every interface; if it is
# enabled, prefer a specific internal address and restrict the port
# to known log sources with a packet filter. Port 514 is below 1024,
# so binding it normally requires elevated privileges.
#
# [Udp-Srvr]
#
# port = 514
# addr = 0.0.0.0

#
# Files to monitor
#
# You should define the log format / log timestamp format before
# you define a file to monitor. If not specified, syslog format is
# used.
#
# In order to set log-fmt, you can use the token :
# %p (process name)
# %h (hostname).
#
# In order to set time-fmt, please have a look at the strptime(3) manpage.
#
# NOTE(review): the entries below are spelled time-format / log-format
# and use the tokens %ltime, %thost and %tprog, which differ from the
# log-fmt / time-fmt names and the %p / %h tokens listed above. Confirm
# the accepted names against the sensor version in use.
#
# Access note: the sensor needs read access to every monitored file.
# /var/log/auth.log is commonly restricted; grant access through group
# membership rather than by loosening the file mode. Log content is
# partly attacker-influenced (user names, host names, request strings),
# so rules matching on these files should treat captured fields as
# untrusted.
#
# Example configuration for syslog output:
#
time-format = "%b %d %H:%M:%S"
log-format = "%ltime %thost %tprog "

# Each "file" entry names one log file to monitor; the key is repeated
# once per file.
file = /var/log/messages
file = /var/log/auth.log

# Example configuration for metalog output:
#
# time-format = "%b %d %H:%M:%S"
# log-format = "%ltime [%tprog]"
#
# file = /var/log/everything/current

# Example configuration for apache output:
#
# NOTE(review): the time-format below contains the literal "+0000",
# so it presumably matches only entries logged with a UTC offset.
# Confirm against the web server's timezone before relying on it.
#
# time-format = "%d/%b/%Y:%H:%M:%S +0000"
# log-format = "%thost - - [%ltime] "
#
# file = /var/log/apache2/access_log

#
# Specifies the maximum difference, in seconds, between
# the interval of two logfiles' rotation. If this difference
# is reached, a high severity alert will be emitted.
#
# NOTE(review): read here as an active setting, following the layout
# of the syslog example above; confirm against the packaged file.
#
rotation-interval = 3600


####################################
# Here start plugins configuration #
####################################

# Rule-matching plugin. @configdir@ looks like a build-time placeholder
# that is replaced with the installed configuration directory (TODO
# confirm). The ruleset decides which log lines raise alerts, so the
# file and its directory should be writable only by the administrator.
[SimpleMod]
ruleset=@configdir@/ruleset/simple.rules

# [Debug]
#
# This plugin issues an alert for each packet.
# Be careful about the logging activity it generates: the alert volume
# can bury real alerts, so it is not suited to a production sensor.
#
# Trigger report to the console.
# stderr