I want to be able to reproduce an event for testing modifications to rules.
Is grabbing a line out of archives.log and sending it to ossec-logtest the way to do this?
- [ossec-list] Feeding ossec-logtest Dave S
- [ossec-list] Re: Feeding ossec-logtest Dave S
