Hi all, Rick, you replied to a query of mine (the thread was called "Replaying old logs", started 8 Aug).
I've been away since and haven't had the time to test it. To refresh, I wanted to analyse some old logs and I netcatted them to a file on the server where ossec was; and ossec was reading from this file. I asked the mailing list if this could be done without creating a file, and you recommended creating a fifo file with mkfifo. Then netcat should send the log to this fifo and ossec should read from it. Doesn't work, not sure why... I gave the fifo full 777 rights to be sure; and when watching fifo with "tail -f", I see that the log appears in the "pipe"... Have you tried the fifo method? What could be wrong? BTW, is there a better way to analyse old logs with ossec (better then "replaying" them)? Thanks, Kal Kalman Dee Canberra, Australia
