*** etc/decoder.xml 2007-05-04 20:13:45.000000000 -0400 --- etc/decoder.xml.new 2007-06-14 13:01:38.000000000 -0400 *************** *** 974,979 **** --- 974,993 ---- </decoder> + <decoder name="modsecurity-errorlog"> + <prematch>^[modsecurity] </prematch> + </decoder> + + <decoder name="modsecurity-errorlog-ip"> + <parent>modsecurity-errorlog</parent> + + <prematch offset="after_parent">^[client</prematch> + <regex offset="after_prematch">^ (\d+.\d+.\d+.\d+)] </regex> + <order>srcip</order> + </decoder> + + + <!-- NCSA common log decoder (used by apache, Lotus Domino and IIS NCSA).