One way to do this is to use another syslog client that can read from an input file and forward the content to your syslog server.
I have done this using syslog4j (https://sites.google.com/site/syslog4j/) in the past. Once you have the syslog4j-<version>.jar file downloaded, a command similar to the following will forward the content of <input_log_file> to the syslog server.

    java -cp syslog4j.jar org.productivity.java.syslog4j.Syslog -i <input_log_file> -h <IP_of_syslog_server> -p 514 udp

On Monday, March 11, 2013 3:10:19 PM UTC-7, Tony C. wrote:
>
> Hello,
>
> Currently running on OSSEC 2.6 and we have an issue where our
> 'ossec-csyslogd' daemon (which forwards logs to our SPLUNK server) will
> randomly stop. While this is something we hope will get fixed when we
> upgrade to 2.7, we still have the problem of forwarding the logs that were
> recorded by OSSEC in '/var/ossec/logs' while the forwarder was down. I've
> verified that the logs I want do in fact exist (right down to the time
> frame that wasn't forwarded), but is there a way to forward these old logs
> to SPLUNK? I've tried searching for a solution by googling it but either my
> search 'skills' are rusty or no one has had to deal with this yet. Hope
> someone can answer my question. Thanks!
>
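
The same file-to-syslog replay as a small script, added here as an example (it is not part of the original post and not syslog4j's code). It wraps each saved line in an RFC 3164 frame and sends it over UDP; the host name "ossec-replay", the tag "ossec" and the default facility/severity are assumptions to adjust.

```python
import socket
import sys
import time

MAX_LEN = 1024  # RFC 3164 limits a syslog datagram to 1024 bytes
MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()


def frame(line, facility=1, severity=5, host="ossec-replay", tag="ossec", now=None):
    """Wrap one saved log line in an RFC 3164 (BSD syslog) frame.

    The header timestamp is the replay time; the event's original
    timestamp survives only inside the message body, so the receiver
    must parse it from there to place the event in the outage window.
    """
    pri = facility * 8 + severity  # PRI value = facility * 8 + severity
    t = time.localtime(now)
    stamp = "%s %2d %02d:%02d:%02d" % (
        MONTHS[t.tm_mon - 1], t.tm_mday, t.tm_hour, t.tm_min, t.tm_sec)
    msg = "<%d>%s %s %s: %s" % (pri, stamp, host, tag, line)
    # Truncate on the byte level; an over-long line loses its tail.
    return msg.encode("utf-8", "replace")[:MAX_LEN]


def replay(lines, send, delay=0.005):
    """Send every non-empty line through send(); return the number sent.

    UDP has no delivery guarantee, so the short delay between datagrams
    keeps a large backlog from overrunning the receiver's socket buffer.
    """
    sent = 0
    for raw in lines:
        line = raw.rstrip("\r\n")
        if not line.strip():
            continue  # blank separator lines carry no event data
        send(frame(line))
        sent += 1
        if delay:
            time.sleep(delay)
    return sent


if __name__ == "__main__":
    # usage: replay.py <input_log_file> <IP_of_syslog_server> <port>
    path, server, port = sys.argv[1], sys.argv[2], int(sys.argv[3])
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    with open(path, errors="replace") as fh:
        count = replay(fh, lambda data: sock.sendto(data, (server, port)))
    print("sent %d datagrams to %s:%d" % (count, server, port))
```

Compare the printed count with the number of events the server indexed for that file, since dropped UDP datagrams are not reported to the sender.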
