That's what I had hoped, however OSSEC prepends information to each line in the archive log. It would be great if OSSEC could recognise its own log format, thus it could re-ingest preserving host information and time stamps.
Mart.

On 28 October 2017 at 02:17, Alberto Rodriguez <[email protected]> wrote:

> Hello Martin
>
> If you are referring to include the archive logs (system log files,
> program log files, etc) you only need to monitor an empty file with Ossec,
> and then add all contents of your file inside this file: i.e.
> cat old_log_file.log >> empty_file.log.
>
> Hope it helps.
> Best regards,
>
> On Wed, Oct 25, 2017 at 7:07 AM, Martin Brooks <[email protected]> wrote:
>
>> Hi
>>
>> I have an old ossec instance which is due for retirement. I have built
>> a new instance on the latest version.
>>
>> Is it possible to take the archive logs from the old instance and somehow
>> re-process them through the new instance? I'd like to have all the
>> history in one place, if that's possible.
>>
>> Thanks
>>
>> Martin.
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "ossec-list" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to [email protected].
>> For more options, visit https://groups.google.com/d/optout.
>
> --
> Wazuh Inc | Alberto Rodríguez | IT Security Developer
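Added example, not part of the thread and not OSSEC code: a filter that strips the prefix OSSEC prepends to each archive line, so the remaining event text can be appended to a monitored file as suggested above. The prefix layout in the comment is an assumption about `archives.log`, and the sample lines, hostnames and function names are constructed for illustration.

```python
import re
import sys

# Assumed archives.log layout (not stated in the thread):
#   YYYY Mon DD HH:MM:SS <source>-><location> <original log line>
# where <source> is either "hostname" or "(agent-name) ip".
# Limitation: a <location> containing spaces is not handled.
PREFIX = re.compile(
    r"^(?P<ts>\d{4} [A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<source>\(.+?\) \S+?|\S+?)->(?P<location>\S+) "
    r"(?P<event>.*)$"
)

# Constructed sample input, used when the script is run without stdin data.
SAMPLE = [
    "2017 Oct 25 07:07:12 oldserver->/var/log/auth.log "
    "Oct 25 07:07:11 oldserver sshd[2211]: Failed password for invalid user admin",
    "2017 Oct 25 07:08:01 (web01) 10.0.0.5->/var/log/messages "
    "Oct 25 07:08:00 web01 su: session opened for user root",
    "this line has no archive prefix",
]


def split_archive_line(line):
    """Return ts/source/location/event for one archive line, or None."""
    match = PREFIX.match(line.rstrip("\n"))
    return match.groupdict() if match else None


def strip_prefixes(lines):
    """Split lines into (original events, lines that did not match)."""
    events, rejected = [], []
    for line in lines:
        parsed = split_archive_line(line)
        if parsed:
            events.append(parsed["event"])
        else:
            rejected.append(line.rstrip("\n"))
    return events, rejected


if __name__ == "__main__":
    source = SAMPLE if sys.stdin.isatty() else sys.stdin
    events, rejected = strip_prefixes(source)
    print("\n".join(events))
    # Report unmatched lines instead of silently dropping history.
    for line in rejected:
        print("unparsed: " + line, file=sys.stderr)
```

The archive's own timestamp and source fields are discarded here; only what the original event text carries is passed on to the new instance.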
