Hello,

Currently running on OSSEC 2.6 and we have an issue where our 'ossec-csyslogd' daemon (which forwards logs to our SPLUNK server) will randomly stop. While this is something we hope will get fixed when we upgrade to 2.7, we still have the problem of forwarding the logs that were recorded by OSSEC in '/var/ossec/logs' while the forwarder was down.

I've verified that the logs I want do in fact exist (right down to the time frame that wasn't forwarded), but is there a way to forward these old logs to SPLUNK? I've tried searching for a solution by googling it but either my search 'skills' are rusty or no one has had to deal with this yet.

Hope someone can answer my question. Thanks!
