Hello,

We are studying at my university the possibility of deploying ossec. I have set up a testing platform in order to evaluate and understand the product. It seems very interesting to me, but it needs a lot of work to parameterize it and to organise actions relative to the alerts received.
My question: Is it possible to analyse a log file extracted from another server? For example, I have a log file in syslog format from a server that I want to analyse. Is it possible to "give" the file to ossec in order to see the alerts it can see in it? What I am thinking of doing is to extract each line of my log file, extract useful information and inject a log message through the logger command. Is there a solution already available in ossec for this need?

Thanks for any help. Excuse my poor English.