diff --git a/Reference-Manual-(v3.x).mediawiki b/Reference-Manual-(v3.x).mediawiki
index ad7c397..93b2d54 100644
--- a/Reference-Manual-(v3.x).mediawiki
+++ b/Reference-Manual-(v3.x).mediawiki
@@ -349,6 +349,50 @@ The possible values are:
 ; Serial : Audit log entries will be stored in a single file, specified by SecAuditLog. This is convenient for casual use, but it can slow down the server, because only one audit log entry can be written to the file at any one time.
 ; Concurrent : One file per transaction is used for audit logging. This approach is more scalable when heavy logging is required (multiple transactions can be recorded in parallel).
+== SecAuditLogHeader ==
+'''Description:''' Configures a text that will be prepended to each audit log line.
+
+'''Syntax''': SecAuditLogHeader "text"
+
+'''Version:''' 3.0.15
+
+This parameter is only used when audit log format is set to native.
+Intended to be used in situations where the log target receives entries from multiple log sources (for example when the audit log is written to stdout using `SecAuditLog /dev/stdout`).
+
+'''Example:'''
+
+SecAuditEngine RelevantOnly
+SecAuditLog /dev/stdout
+SecAuditLogParts ABHZ
+SecAuditLogType Serial
+SecAuditLogRelevantStatus ^(?:5|4(?!04))
+SecAuditLogHeader "[audit.log]: "
+
+
+'''Audit log:'''
+
+[audit.log]: ---Lm20Vggw---A--
+[audit.log]: [07/Aug/2025:18:00:57 +0200] 17545824577.300397 200.249.12.31 2313 200.249.12.31 80
+[audit.log]: ---Lm20Vggw---B--
+[audit.log]: GET /test.pl?param1=   test   ¶m2=test2 HTTP/1.1
+[audit.log]: Host: www.modsecurity.org
+[audit.log]: User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 (.NET CLR 3.5.30729)
+[audit.log]: Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
+[audit.log]: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
+[audit.log]: Accept-Language: en-us,en;q=0.5
+[audit.log]: Accept-Encoding: gzip,deflate
+[audit.log]: Keep-Alive: 300
+[audit.log]: Connection: keep-alive
+[audit.log]: Pragma: no-cache
+[audit.log]: Cache-Control: no-cache
+[audit.log]:
+[audit.log]:
+[audit.log]: ---Lm20Vggw---H--
+[audit.log]: ModSecurity: Access denied with code 403 (phase 1). Matched "Operator `Contains' with parameter `test' against variable `ARGS:param2' (Value: `test2' ) [file "auditlog.json"] [line "2"] [id "1"] [rev ""] [msg ""] [data ""] [severity "0"] [ver ""] [maturity "0"] [accuracy "0"] [hostname "200.249.12.31"] [uri "/test.pl"] [unique_id "17545824577.300397"] [ref "o0,4v20,10t:trimo0,4v38,5t:trim"]
+[audit.log]:
+[audit.log]: ---Lm20Vggw---Z--
+
+
 == SecCacheTransformations ==
 ''Not supported in v3'''