That's what I had hoped; however, OSSEC prepends information to each line in
the archive log. It would be great if OSSEC could recognise its own log
format, thus it could re-ingest preserving host information and time stamps.
Mart.
On 28 October 2017 at 02:17, Alberto Rodriguez
wrote:
Hello Martin
If you are referring to including the archive logs (system log files,
program log files, etc.), you only need to monitor an empty file with OSSEC,
and then add all the contents of your file to this file, i.e. cat
old_log_file.log >> empty_file.log.
Hope it helps.
Best regards,
On Wed,
Hi
I have an old ossec instance which is due for retirement. I have built a
new instance on the latest version.
Is it possible to take the archive logs from the old instance and somehow
re-process them through the new instance? I'd like to have all the
history in one place, if that's possi
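
Added example, not part of the original thread and not OSSEC's own code: a sketch that combines the two replies above by stripping the information OSSEC prepends to each archive line before appending the events to the monitored file. The prefix layout (`YYYY Mon DD HH:MM:SS [(agent) ip|host]->location `), the function names and the sample lines in the comments are assumptions; check them against a few lines of your own archive first.

```shell
#!/usr/bin/env bash
# Added example. Assumed archive line layout (constructed samples):
#   2017 Oct 27 23:59:58 server01->/var/log/messages Oct 27 23:59:58 server01 sshd[911]: ...
#   2017 Oct 27 23:59:59 (web01) 10.0.0.5->/var/log/secure Oct 27 23:59:59 web01 su: ...
# Assumes the location after "->" contains no spaces.
PREFIX_RE='^[0-9]{4} [A-Z][a-z]{2} [0-9]{1,2} [0-9]{2}:[0-9]{2}:[0-9]{2} [^>]*->[^ ]+ '

# Read archive lines on stdin, write the original event text on stdout.
# Lines without the assumed prefix are dropped rather than guessed at.
strip_archive_prefix() {
  sed -E -n "s/${PREFIX_RE}//p"
}

# replay_archive OLD_ARCHIVE MONITORED_FILE
# Appends the stripped events to the file the new instance is monitoring
# and prints "replayed=N skipped=M" so dropped lines are noticed.
replay_archive() {
  local src=$1 dest=$2 total kept
  total=$(wc -l < "$src")
  kept=$(strip_archive_prefix < "$src" | tee -a "$dest" | wc -l)
  echo "replayed=$((kept)) skipped=$((total - kept))"
}
```

Only what is inside the original event text (for syslog lines, its own timestamp and hostname) survives; the agent name and receive time from the stripped prefix are not carried over to the new instance.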