diff --git a/config/filter.d/xinetd-fail.conf b/config/filter.d/xinetd-fail.conf
index 4ff5bfde..253ce15d 100644
--- a/config/filter.d/xinetd-fail.conf
+++ b/config/filter.d/xinetd-fail.conf
@@ -4,8 +4,17 @@
 #
 #
+[INCLUDES]
+
+# Read common prefixes. If any customizations available -- read them from
+# common.local
+before = common.conf
+
+
 [Definition]
+_daemon = xinetd
+
 # Option: failregex
 # Notes.: regex to match the password failures messages in the logfile. The
 # host must be matched by a group named "host". The tag "" can
@@ -19,8 +28,8 @@
 # load => xinetd: max_load (temporary problem)
 #
-failregex = xinetd(?:\[\d{1,5}\])?: FAIL: \S+ address from=$
- xinetd(?:\[\d{1,5}\])?: FAIL: \S+ libwrap from=$
+failregex = ^%(__prefix_line)sFAIL: \S+ address from=$
+ ^%(__prefix_line)sFAIL: \S+ libwrap from=$
 # Option: ignoreregex
 # Notes.: regex to ignore. If this regex matches, the line is ignored.
diff --git a/testcases/files/logs/xinetd-fail b/testcases/files/logs/xinetd-fail
new file mode 100644
index 00000000..8545a067
--- /dev/null
+++ b/testcases/files/logs/xinetd-fail
@@ -0,0 +1,4 @@
+# failJSON: { "time": "2005-05-15T17:38:49", "match": true , "host": "198.51.100.169" }
+May 15 17:38:49 boo xinetd[16256]: FAIL: telnet address from=198.51.100.169
+# failJSON: { "time": "2005-08-03T14:38:49", "match": true , "host": "198.51.100.223" }
+Aug 3 14:38:49 backup xinetd[31234]: FAIL: amanda libwrap from=198.51.100.223
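Review bot: `_daemon = xinetd` is added under `[Definition]` with no comment, yet the rewritten `failregex` in the next hunk presumably only matches because this value is substituted into `__prefix_line` from the newly included `common.conf`. A one-line comment would make that dependency visible to anyone editing the filter, for example `# Daemon name as it appears in the syslog tag; used by __prefix_line from common.conf`. It is also worth stating that overriding `_daemon` in a local file changes which log lines are able to trigger a ban.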
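Review bot: The new `failregex` lines carry no comment explaining why they are anchored with `^%(__prefix_line)s`, which is the security-relevant part of this change: the old patterns started at `xinetd` with no start anchor, so they could match that text anywhere in a line. I would add above the option `# Anchored to the syslog prefix so that only lines logged by xinetd itself match, not the same text embedded in another message`. Separately, both patterns are shown ending in `from=$` with no host group and the context comment reads `The tag "" can`; this looks like the host tag being lost in rendering, but it should be confirmed in the committed file, since the comment itself says the host must be captured by a group named "host".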
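Review bot: Both sample lines are positive matches with a PID in the tag, so this file does not exercise what the regex change is for. I would add a `"match": false` sample in which the `FAIL: ... from=` text appears inside a message logged under a different daemon tag, and a positive sample with the tag written as `xinetd:` without `[pid]`, which the old pattern explicitly allowed through `(?:\[\d{1,5}\])?`. A negative sample for one of the failure types the filter appears to skip on purpose (the context comment lists `load`) would document that intent as well.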