*** etc/decoder.xml	2007-05-04 20:13:45.000000000 -0400
--- etc/decoder.xml.new	2007-06-14 13:01:38.000000000 -0400
***************
*** 974,979 ****
--- 974,993 ----
  </decoder> 
  
  
+ <decoder name="modsecurity-errorlog">
+   <prematch>^[modsecurity] </prematch>
+ </decoder>  
+ 
+ <decoder name="modsecurity-errorlog-ip">
+   <parent>modsecurity-errorlog</parent>
+   
+   <prematch offset="after_parent">^[client</prematch>
+   <regex offset="after_prematch">^ (\d+.\d+.\d+.\d+)] </regex>
+   <order>srcip</order>
+ </decoder> 
+ 
+ 
+ 
  
  
  <!-- NCSA common log decoder (used by apache, Lotus Domino and IIS NCSA).