Hello Martin If you are referring to include the archive logs (system log files, program log files, etc) you only need to monitor an empty file with Ossec, and then add all contents of your file inside this file: i.e. cat old_log_file.log >> empty_file.log.
Hope it help. Best regards, On Wed, Oct 25, 2017 at 7:07 AM, Martin Brooks <[email protected]> wrote: > Hi > > I have an old ossec instance which is due for retirement. I have built a > new instance on the latest version. > > Is it possible to take the archive logs from the old instance and somehow > re-process them through the new instance? I'd like to have all the > history in one place, if that's possible. > > > Thanks > > Martin. > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. > -- *Wazuh Inc* | Alberto RodrÃguez | IT Security Developer | Cell: +1 408 610 0385 <+1%408%610%0385> * This message and the information contained in or attached to it are private and confidential and intended exclusively for the addressee. Any dissemination, copying or distribution to third parties without the express consent of the sender is strictly prohibited. If you have received this message in error, please delete it immediate and notify the sender. Thank you for your collaboration. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
