diff --git a/config/filter.d/wuftpd.conf b/config/filter.d/wuftpd.conf
index 3351d258..5c1cbb58 100644
--- a/config/filter.d/wuftpd.conf
+++ b/config/filter.d/wuftpd.conf
@@ -4,14 +4,21 @@
 #
 #
+[INCLUDES]
+
+# Read common prefixes. If any customizations available -- read them from
+# common.local
+before = common.conf
+
 [Definition]
+_daemon = wu-ftpd
+
 # Option: failregex
 # Notes.: regex to match the password failures messages in the logfile.
 # Values: TEXT
 #
-failregex = wu-ftpd(?:\[\d+\])?:\s+\(pam_unix\)\s+authentication failure.* rhost=$
- wu-ftpd(?:\[\d+\])?: *failed login from .*\[\] *$
+failregex = ^%(__prefix_line)sfailed login from \S+ \[\]$
 # Option: ignoreregex
 # Notes.: regex to ignore. If this regex matches, the line is ignored.
diff --git a/testcases/files/logs/wuftpd b/testcases/files/logs/wuftpd
index 22ac0303..bbb816cc 100644
--- a/testcases/files/logs/wuftpd
+++ b/testcases/files/logs/wuftpd
@@ -1,3 +1,5 @@
 # This login line is from syslog
 # failJSON: { "time": "2004-10-06T09:59:26", "match": true , "host": "202.108.145.173" }
 Oct 6 09:59:26 myserver wu-ftpd[18760]: failed login from hj-145-173-a8.bta.net.cn [202.108.145.173]
+# failJSON: { "time": "2004-10-11T16:45:07", "match": true , "host": "198.51.100.71" }
+Oct 11 16:45:07 ubuntu wu-ftpd[2360]: failed login from example.com [198.51.100.71]
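Review bot: The pam_unix `authentication failure ... rhost=` alternative is removed from `failregex` and nothing in this hunk replaces it, so a host where wu-ftpd login failures are reported only through PAM would no longer be matched by this filter. If that is deliberate because a PAM-specific filter is expected to cover those lines, record it above `failregex`, for example `# PAM-reported failures are not matched here; use a PAM filter for those.` Separately, as rendered on this page the bracket pair in the new pattern is empty (`\[\]`); the host tag was presumably lost in rendering, but it is worth confirming that the committed pattern still captures the address.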
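Review bot: Both samples in this file are positive matches, so nothing here pins the stricter anchoring that the filter change in this commit introduces. A `"match": false` case would do that, for instance `# failJSON: { "match": false }` followed by a constructed line such as `Oct 11 16:45:08 ubuntu sshd[2361]: failed login from example.com [198.51.100.71]`, which should be rejected if the prefix is bound to `_daemon = wu-ftpd` as it appears to be. No sample covers the removed pam_unix message either, so the effect of dropping it is not visible in the test data.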