diff --git a/prelude-lml-3.0.0.tar.gz b/prelude-lml-3.0.0.tar.gz
deleted file mode 100644
index 99a2b93..0000000
--- a/prelude-lml-3.0.0.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:53e3ccba2e3842e583739234366b6a5241dc6a8d18da501e6c9ff5e2b9792814
-size 1391203
diff --git a/prelude-lml-3.1.0.tar.gz b/prelude-lml-3.1.0.tar.gz
new file mode 100644
index 0000000..f0bc852
--- /dev/null
+++ b/prelude-lml-3.1.0.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:32a7e2256ae3b87b84b3da05b60fed0bb5e3b32e2f6794516c435eda1d753384
+size 1408600
diff --git a/prelude-lml-conf_rsyslog.patch b/prelude-lml-conf_rsyslog.patch
new file mode 100644
index 0000000..7fe425d
--- /dev/null
+++ b/prelude-lml-conf_rsyslog.patch
@@ -0,0 +1,38 @@
+From: Thomas Andrejak <thomas.andrejak@gmail.com>
+Date: 2017-02-27 23:25:00 +0100
+References: Specific
+Upstream: no
+Subject: Add default syslog format to work out of the box
+
+--- prelude-lml.conf	2016-09-15 09:03:39.835000884 +0200
++++ prelude-lml.conf	2017-02-18 00:46:18.061525071 +0100
+@@ -88,6 +88,13 @@
+ #
+ 
+ 
++[format=rsyslog]
++time-format = "%Y-%m-%dT%H:%M:%S" 
++prefix-regex = "^(?P<timestamp>.{20}).{12} (?P<hostname>\S+) (?:(?P<process>\S+?)(?:\[(?P<pid>[0-9]+)\])?: )?"
++file = /var/log/messages
++file = /var/log/secure
++
++
+ [format=syslog]
+ time-format = "%b %d %H:%M:%S"
+ prefix-regex = "^(?P<timestamp>.{15}) (?P<hostname>\S+) (?:(?P<process>\S+?)(?:\[(?P<pid>[0-9]+)\])?: )?"
+--- prelude-lml.conf.in	2016-09-15 08:49:20.170000884 +0200
++++ prelude-lml.conf.in	2017-02-18 00:46:47.168897144 +0100
+@@ -88,6 +88,13 @@
+ #
+ 
+ 
++[format=rsyslog]
++time-format = "%Y-%m-%dT%H:%M:%S" 
++prefix-regex = "^(?P<timestamp>.{20}).{12} (?P<hostname>\S+) (?:(?P<process>\S+?)(?:\[(?P<pid>[0-9]+)\])?: )?"
++file = /var/log/messages
++file = /var/log/secure
++
++
+ [format=syslog]
+ time-format = "%b %d %H:%M:%S"
+ prefix-regex = "^(?P<timestamp>.{15}) (?P<hostname>\S+) (?:(?P<process>\S+?)(?:\[(?P<pid>[0-9]+)\])?: )?"
diff --git a/prelude-lml.changes b/prelude-lml.changes
index adefe2d..6bcf15f 100644
--- a/prelude-lml.changes
+++ b/prelude-lml.changes
@@ -1,3 +1,13 @@
+-------------------------------------------------------------------
+Fri Feb 10 00:33:55 UTC 2017 - thomas.andrejak@gmail.com
+
+- Update to 3.1.0 (Prelude 3.1.0 released on 14 Sept 2016)
+- Add missing /var/lib/prelude-lml dir
+- Remove unnecessary spool directory
+- Patch the configuration to be naturally OK with rsyslog
+  prelude-lml-conf_rsyslog.patch
+- Spec-Cleaner
+
 -------------------------------------------------------------------
 Thu Jan 26 21:35:45 UTC 2017 - jengelh@inai.de
 
diff --git a/prelude-lml.spec b/prelude-lml.spec
index 19ff721..3e40f93 100644
--- a/prelude-lml.spec
+++ b/prelude-lml.spec
@@ -17,20 +17,24 @@
 
 
 Name:           prelude-lml
-Version:        3.0.0
+Version:        3.1.0
 Release:        0
 Summary:        The prelude log analyzer
-License:        GPL-3.0+
+# Prelude is GPL-2.0+
+# libmissing is LGPL-2.1+
+# libmissing/test is GPL-3.0+
+License:        GPL-2.0+ and LGPL-2.1 and GPL-3.0+
 Group:          System/Daemons
 Url:            https://www.prelude-siem.org
-Source0:        https://www.prelude-siem.org/pkg/src/3.0.0/%{name}-%{version}.tar.gz
+Source0:        https://www.prelude-siem.org/pkg/src/%{version}/%{name}-%{version}.tar.gz
 Source1:        %{name}.service
 Source2:        %{name}.run
+# Add default syslog format to work out of the box
+Patch0:         %{name}-conf_rsyslog.patch
 BuildRequires:  gamin-devel
 BuildRequires:  libprelude-devel
 BuildRequires:  pcre-devel
 BuildRequires:  systemd
-Requires:       libprelude23
 %{?systemd_requires}
 
 %description
@@ -52,6 +56,7 @@ Prelude LML plugins.
 
 %prep
 %setup -q
+%patch0
 
 %build
 %configure
@@ -60,13 +65,13 @@ make %{?_smp_mflags}
 %install
 mkdir -p %{buildroot}/%{_sysconfdir}/%{name}/ruleset/
 mkdir -p %{buildroot}/%{_sbindir}
-make install DESTDIR=%{buildroot} INSTALL="%{__install} -c -p"
+%make_install
 rm -f %{buildroot}/%{_libdir}/%{name}/debug.la
 rm -f %{buildroot}/%{_libdir}/%{name}/pcre.la
 install -d -m 0755 %{buildroot}/%{_tmpfilesdir}
 install -m 0644 %{SOURCE2} %{buildroot}/%{_tmpfilesdir}/%{name}.conf
-mkdir -p %{buildroot}/%{_localstatedir}/spool/prelude/%{name}/
-ln -s /usr/sbin/service %{buildroot}%{_sbindir}/rc%{name}
+mkdir -p %{buildroot}/%{_var}/lib/%{name}
+ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name}
 rm -rf %{buildroot}/%{_localstatedir}/run/%{name}
 install -D -m 444 %{SOURCE1} %{buildroot}%{_unitdir}/%{name}.service
 
@@ -75,7 +80,7 @@ install -D -m 444 %{SOURCE1} %{buildroot}%{_unitdir}/%{name}.service
 
 %post
 /sbin/ldconfig
-/usr/bin/systemd-tmpfiles --create %{_tmpfilesdir}/%{name}.conf
+%{_bindir}/systemd-tmpfiles --create %{_tmpfilesdir}/%{name}.conf
 %service_add_post %{name}.service
 
 %preun
@@ -99,8 +104,8 @@ install -D -m 444 %{SOURCE1} %{buildroot}%{_unitdir}/%{name}.service
 %{_sbindir}/rc%{name}
 %dir %{_tmpfilesdir}
 %{_tmpfilesdir}/%{name}.conf
-%attr(0750,-,-) %dir %{_localstatedir}/spool/prelude/%{name}
 %{_unitdir}/%{name}.service
+%dir %{_var}/lib/%{name}
 
 %files devel
 %defattr(-,root,root,-)