You could cat the file and pipe it to logger, but I think you could add the file as a <localfile> option in ossec.conf. I think ossec will start analyzing the file from the beginning. If I was going to do this I'd probably set up a second server just for doing these types of investigations.

dan

On 11/7/09, dav_cict <dlep...@cict.fr> wrote:
>
> Hello,
>
> We are studying in my university the possibility to deploy ossec.
> I have done a testing platform in order to evaluate and understand
> the product.
> It seems to me very interesting but needs a lot of work to parameter
> it and to organise actions relative to the alerts received.
>
> My question:
> Is it possible to analyse a log file extracted from another server?
> For example, I have a log file in syslog format from a server that I
> want to analyse.
> Is it possible to "give" the file to ossec in order to see the alerts
> it can see in it?
>
> What I think to do is to extract each line of my log file, extract
> useful information and inject log message through the command logger.
>
> Is there a solution already done in ossec relative to this need?
>
> Thanks for any help
>
> Excuse my poor English
>
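
The replay through logger discussed in this thread, as an added example that is not part of either message: it splits each classic syslog line (`Mmm dd hh:mm:ss host tag[pid]: message`) into program tag and message and re-injects it with `logger -t`. The function names, the `replay` fallback tag and the `DRY_RUN` switch are assumptions made for illustration.

```shell
#!/bin/sh
# Replay an exported syslog-format file through logger(1) so that the
# local syslog daemon writes it to a file OSSEC already monitors.
# Caveat: logger stamps each line with the CURRENT time and the LOCAL
# hostname, so frequency/time-based rules see replay time, not the
# original event time. Use a dedicated analysis host for this.

# Split one line into SYSLOG_TAG (program name, pid removed) and
# SYSLOG_MSG. Lines not in the expected format keep their full text
# and get the fallback tag "replay" (hypothetical name).
parse_syslog_line() {
    line=$1
    SYSLOG_TAG=replay
    SYSLOG_MSG=$line
    case $line in
        [A-Z][a-z][a-z]" "?[0-9]" "[0-9][0-9]:[0-9][0-9]:[0-9][0-9]" "*)
            rest=${line#????????????????}   # drop 15-char timestamp + space
            rest=${rest#* }                 # drop original hostname
            case $rest in
                *": "*)
                    tag=${rest%%": "*}
                    tag=${tag%%"["*}        # "sshd[2211]" -> "sshd"
                    case $tag in
                        ""|*" "*) ;;        # not a program tag: keep fallback
                        *) SYSLOG_TAG=$tag; SYSLOG_MSG=${rest#*": "} ;;
                    esac ;;
            esac ;;
    esac
    return 0
}

# Replay every non-empty line of file $1. With DRY_RUN=1 the logger
# commands are printed instead of executed. Sets REPLAYED to the count.
replay_file() {
    count=0
    while IFS= read -r entry || [ -n "$entry" ]; do
        [ -n "$entry" ] || continue
        parse_syslog_line "$entry"
        if [ "${DRY_RUN:-0}" = 1 ]; then
            printf 'logger -t %s -- %s\n' "$SYSLOG_TAG" "$SYSLOG_MSG"
        else
            logger -t "$SYSLOG_TAG" -- "$SYSLOG_MSG"
        fi
        count=$((count + 1))
    done < "$1"
    REPLAYED=$count
}

# Stand-alone use: sh replay.sh /path/to/exported.log
if [ -n "${1:-}" ]; then replay_file "$1"; fi
```
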