diff --git a/app/reaction.yml b/app/example.yml
similarity index 98%
rename from app/reaction.yml
rename to app/example.yml
index 6629969..aafe50a 100644
--- a/app/reaction.yml
+++ b/app/example.yml
@@ -27,7 +27,7 @@ streams:
 ssh:
 # note that if the command is not in environment's `PATH`
 # its full path must be given.
- cmd: [ "journalctl" "-fu" "sshd.service" ]
+ cmd: [ "journalctl" "-n0" "-fu" "sshd.service" ]
 # filters run actions when they match regexes on a stream
 filters:
 # filters have a user-defined name
diff --git a/app/main.go b/app/main.go
index 899d7c8..5792a95 100644
--- a/app/main.go
+++ b/app/main.go
@@ -97,7 +97,7 @@ cat FILE | ` + bold + `reaction test-regex` + reset + ` REGEX # test REGEX again
 `)
 }
-//go:embed reaction.yml
+//go:embed example.yml
 var exampleConf string
 func Main() {
diff --git a/config/activitywatch.jsonnet b/config/activitywatch.jsonnet
new file mode 100644
index 0000000..8100052
--- /dev/null
+++ b/config/activitywatch.jsonnet
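Review bot: In app/example.yml the new `cmd` line is a YAML flow sequence with no commas between its items, which a YAML parser should reject or misread; config/example.jsonnet and config/heavy-load.yml both separate the arguments with commas. The old line had the same problem and the commit carries it over, and this file is what `//go:embed example.yml` ships as the example configuration, so it should read `cmd: [ "journalctl", "-n0", "-fu", "sshd.service" ]`. The reason for `-n0` also deserves a comment here and on the matching line in config/example.jsonnet, for instance `# -n0: only follow new entries, so journal lines already present are not re-processed at startup` (presumably the intent; confirm).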
@@ -0,0 +1,104 @@
+local directory = '~/.local/share/watch';
+// Those strings will be substitued in each shell() call
+local substitutions = [
+ ['OUTFILE', directory + '/logs-$(date %+F)'],
+ ['TMUXFILE', directory + '/tmux'],
+ ['DATE', '"$(date "+%F %T")"'],
+];
+
+// Substitue each substitutions' item in string
+local sub(str) = std.foldl(
+ (function(changedstr, kv) std.strReplace(changedstr, kv[0], kv[1])),
+ substitutions,
+ str
+);
+local shell(prg) = [
+ 'sh',
+ '-c',
+ sub(prg),
+];
+
+{
+ // Startup is currently not implemented
+ startup: shell(|||
+ mkdir -p "$(dirname OUTFILE)"
+ echo DATE start >> OUTFILE
+ # tmux set-hook -g pane-focus-in[50] new-session -d 'echo tmux >> TMUXFILE'
+ |||),
+
+ // Stop is currently not implemented
+ stop: shell(|||
+ tmux set-hook -ug pane-focus-in[50]
+ echo DATE stop >> OUTFILE
+ |||),
+
+ patterns: {
+ all: { regex: '.*' },
+ },
+
+ streams: {
+ // Be notified about each window focus change
+ // FIXME DOESN'T WORK
+ sway: {
+ cmd: shell(|||
+ swaymsg -rm -t subscribe "['window']" | jq -r 'select(.change == "focus") | .container | if has("app_id") and .app_id != null then .app_id else .window_properties.class end'
+ |||),
+ filters: {
+ send: {
+ regex: ['^$'],
+ actions: {
+ send: { cmd: shell('echo DATE focus >> OUTFILE') },
+ },
+ },
+ },
+ },
+
+ // Be notified when user is away
+ swayidle: {
+ cmd: ['swayidle', 'timeout', '60', 'echo sleep', 'resume', 'echo resume'],
+ filters: {
+ send: {
+ regex: ['^$'],
+ actions: {
+ send: { cmd: shell('echo DATE >> OUTFILE') },
+ },
+ },
+ },
+ },
+
+ // Be notified about tmux activity
+ // Limitation: can't handle multiple concurrently attached sessions
+ // tmux: {
+ // cmd: shell(|||
+ // LAST_TIME="0"
+ // LAST_ACTIVITY=""
+ // while true;
+ // do
+ // NEW_TIME=$(tmux display -p '#{session_activity}')
+ // if [ -n "$NEW_TIME" ] && [ "$NEW_TIME" -gt "$LAST_TIME" ]
+ // then
+ // LAST_TIME="$NEW_TIME"
+ // NEW_ACTIVITY="$(tmux display -p '#{pane_current_command}
#{pane_current_path}')"
+ // if [ -n "$NEW_ACTIVITY" ] && [ "$NEW_ACTIVITY" != "$LAST_ACTIVITY" ]
+ // then
+ // LAST_ACTIVITY="$NEW_ACTIVITY"
+ // echo "tmux $NEW_ACTIVITY"
+ // fi
+ // fi
+ // sleep 10
+ // done
+ // |||),
+ // filters: {
+ // send: {
+ // regex: ['^tmux $'],
+ // actions: {
+ // send: { cmd: shell('echo DATE tmux >> OUTFILE') },
+ // },
+ // },
+ // },
+ // },
+
+ // Be notified about firefox activity
+ // TODO
+ },
+}
diff --git a/config/reaction.jsonnet b/config/example.jsonnet
similarity index 97%
rename from config/reaction.jsonnet
rename to config/example.jsonnet
index 027eb14..b6f2b38 100644
--- a/config/reaction.jsonnet
+++ b/config/example.jsonnet
@@ -1,6 +1,7 @@
 // This file is using JSONNET, a complete configuration language based on JSON
 // See https://jsonnet.org
 // JSONNET is a superset of JSON, so one can write plain JSON files if wanted.
+// Note that YAML is also supported.
 // variables defined for later use.
 local iptablesban = ['ip46tables', '-w', '-A', 'reaction', '1', '-s', '', '-j', 'DROP'];
@@ -29,7 +30,7 @@ local iptablesunban = ['ip46tables', '-w', '-D', 'reaction', '1', '-s', '',
 ssh: {
 // note that if the command is not in environment's `PATH`
 // its full path must be given.
- cmd: ['journalctl', '-fu', 'sshd.service'],
+ cmd: ['journalctl', '-n0', '-fu', 'sshd.service'],
 // filters run actions when they match regexes on a stream
 filters: {
 // filters have a user-defined name
diff --git a/config/example.yml b/config/example.yml
new file mode 120000
index 0000000..1efef98
--- /dev/null
+++ b/config/example.yml
@@ -0,0 +1 @@
+../app/example.yml
\ No newline at end of file
diff --git a/config/heavy-load.yml b/config/heavy-load.yml
new file mode 100644
index 0000000..5560b35
--- /dev/null
+++ b/config/heavy-load.yml
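Review bot: In config/activitywatch.jsonnet the `OUTFILE` substitution calls `date %+F`, which is not a valid format argument (the `+` must come first, as in the `DATE` entry's `date "+%F %T"`), so the log file name would not carry the date; it should be `['OUTFILE', directory + '/logs-$(date +%F)'],`. `startup` is marked as not implemented, so nothing visible here creates the directory before the actions append to `OUTFILE`. The file records window-focus and idle times, so creating it with a restrictive mode (for example `umask 077` before the first write) would be a safer default than relying on the user's umask. `sub()` does plain substring replacement, so any script text that contains `DATE` or `OUTFILE` inside a longer word is rewritten too; a comment on `substitutions` should say so.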
@@ -0,0 +1,70 @@
+---
+patterns:
+ num:
+ regex: '[0-9]+'
+ ip:
+ regex: '(?:(?:[0-9]{1,3}\.){3}[0-9]{1,3})|(?:[0-9a-fA-F:]{2,90})'
+ ignore:
+ - 1.0.0.1
+
+streams:
+ tailDown1:
+ cmd: [ "sh", "-c", "sleep 2; seq 100010 | while read i; do echo found $(($i % 100)); done" ]
+ filters:
+ findIP:
+ regex:
+ - '^found $'
+ retry: 50
+ retry-period: 1m
+ actions:
+ damn:
+ cmd: [ "echo", "" ]
+ undamn:
+ cmd: [ "echo", "undamn", "" ]
+ after: 1m
+ onexit: false
+ tailDown2:
+ cmd: [ "sh", "-c", "sleep 2; seq 100010 | while read i; do echo prout $(($i % 100)); done" ]
+ filters:
+ findIP:
+ regex:
+ - '^prout $'
+ retry: 50
+ retry-period: 1m
+ actions:
+ damn:
+ cmd: [ "echo", "" ]
+ undamn:
+ cmd: [ "echo", "undamn", "" ]
+ after: 1m
+ onexit: false
+ tailDown3:
+ cmd: [ "sh", "-c", "sleep 2; seq 100010 | while read i; do echo nanana $(($i % 100)); done" ]
+ filters:
+ findIP:
+ regex:
+ - '^nanana $'
+ retry: 50
+ retry-period: 2m
+ actions:
+ damn:
+ cmd: [ "true" ]
+ undamn:
+ cmd: [ "true" ]
+ after: 1m
+ onexit: false
+ tailDown4:
+ cmd: [ "sh", "-c", "sleep 2; seq 100010 | while read i; do echo nanana $(($i % 100)); done" ]
+ filters:
+ findIP:
+ regex:
+ - '^nomatch $'
+ retry: 50
+ retry-period: 2m
+ actions:
+ damn:
+ cmd: [ "echo", "" ]
+ undamn:
+ cmd: [ "echo", "undamn", "" ]
+ after: 1m
+ onexit: false
diff --git a/config/reaction.yml b/config/reaction.yml
deleted file mode 120000
index 492ca9a..0000000
--- a/config/reaction.yml
+++ /dev/null
@@ -1 +0,0 @@
-../app/reaction.yml
\ No newline at end of file
diff --git a/config/reaction.test.jsonnet b/config/test.jsonnet
similarity index 100%
rename from config/reaction.test.jsonnet
rename to config/test.jsonnet
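Review bot: config/heavy-load.yml carries no comment saying what it exercises or what outcome is expected, so the odd-looking parts cannot be told apart from mistakes. `tailDown4` runs the same command as `tailDown3` but filters on `'^nomatch $'`, which looks like a deliberate never-matching stream, and the `ip` pattern with its `ignore` entry is not referenced by any filter as shown on this page. A header such as `# Load test: four streams of 100010 lines each; tailDown4 is expected never to match` plus a one-line comment on `tailDown4` would make the intent checkable.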