What is the best way to test rules on Windows Event Logs? With syslog or weblog-related stuff, I know I can take a line from the log and feed it to ossec-logtest. However, with Windows Event Logs, what format is OSSEC expecting? Can I just cut and paste the event as seen when double-clicking on the event in Windows?
Thanks, James Whittington
