Hi,

You can try to pipe the data into ossec's syslog daemon with cat and netcat.

On Fri, Jun 29, 2012 at 7:07 PM, Kat <[email protected]> wrote:
> Here's hoping there is a simple answer to this. I know of the technique to
> run the forensics into ossec-logtest. And that is a fabulous tool/method.
> But, I want to take a previous years data - BO - (before ossec) and run it
> through and have ossec actually process it into the appropriate log files
> (and perhaps mysql or splunk) just as if it was live data. In other words,
> process it like live data so it is logged and saved in the database/splunk.
> The reason for this is simple - to build up the past couple of years of raw
> data into a searchable/historical reference.
>
> I know ossec-logtest can be piped into anything, but before I start trying
> it, I am wondering if you could use the same method of catting the files
> but into live ossec?
>
> Off to try some tests - if I find anything, I will let you know. If anyone
> else can think of a way to do it, would love to hear.
>
> thanks
> ~k
>

--
MVH/With regards Frank
--
Name: Frank Stefan Sundberg Solli
E-mail: [email protected]
Web: http://0x41.me
GPG: 684119F4
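
The replay suggested in the reply, as an added example that is not part of the original thread: instead of cat and netcat it uses a Python UDP socket, so that every archived log line leaves as its own datagram and the sends are paced. The listener address, port 514, the 1024-byte cap and the batch/pause values are assumptions, and it presumes the OSSEC server already has a syslog listener that accepts the sending host.

```python
import gzip
import socket
import time


def iter_log_lines(path):
    """Yield non-empty lines from a plain or gzip-compressed log file."""
    opener = gzip.open if str(path).endswith(".gz") else open
    with opener(path, "rt", encoding="utf-8", errors="replace") as fh:
        for raw in fh:
            line = raw.rstrip("\r\n")
            if line.strip():
                yield line


def replay(path, host="127.0.0.1", port=514, batch=200, pause=0.5, max_len=1024):
    """Send each log line as one UDP datagram; return (sent, truncated).

    host/port are assumed values for the syslog listener. max_len is an
    assumed conservative cap; longer lines are cut and counted so the
    operator knows how many events were altered in transit.
    """
    sent = truncated = 0
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        for line in iter_log_lines(path):
            data = line.encode("utf-8", errors="replace")
            if len(data) > max_len:
                data = data[:max_len]
                truncated += 1
            sock.sendto(data, (host, port))
            sent += 1
            # UDP gives no back-pressure: pause after each batch so the
            # receiver is not flooded into silently dropping events.
            if batch and sent % batch == 0:
                time.sleep(pause)
    return sent, truncated


if __name__ == "__main__":
    import sys
    if len(sys.argv) < 3:
        print("usage: replay.py LOGFILE HOST [PORT]")
    else:
        port = int(sys.argv[3]) if len(sys.argv) > 3 else 514
        sent, cut = replay(sys.argv[1], sys.argv[2], port)
        print(f"sent={sent} truncated={cut}")
```

Compare the returned `sent` count with the number of events that show up on the receiving side to spot datagrams lost during the replay.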
