I want to reprocess log entries that have already been received, so I'm pulling lines from ./logs/archives/archives.log and piping them into the tool. However, I'm not getting output from the tool that matches in any way how OSSEC originally interpreted the data.
I'm presuming I'm not feeding the correct data to the tool. Is raw data from archives.log the place to go for this data?

- Dave
