Channel: THWACK: Message List - Security Event Manager (SEM) - Formerly Log & Event Manager

Re: How to import apache log files into LEM


There are limitations to feeding data into LEM after the fact - the most notable of which is that all your data will be searched and reported based on Detection Time and the time on the appliance, though the Insertion Time value (original log version) WILL be collected and shown.


If you want to do this: On a system you DO have access to, create an Apache Access log connector and have it reference an empty file. Open the empty file and paste your log contents into it (or on unix, cat original-log.log >> empty-log.log). The data will come in as fast as it possibly can be read, with DetectionTime values that are very similar, but you can search for specific data or report on it. It won't be useful against your rules because the data will be too old, but will show up in filters also.
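
The append step described in the reply above, as an added example that is not part of the original post: a shell helper that appends the old log to the file the connector watches and prints the original timestamp range plus the wall-clock window of the import, which is the Detection Time range to search afterwards. The function names and file paths are hypothetical, and nothing here talks to LEM itself.

```shell
#!/bin/sh
# Added example (constructed): backfill an old Apache access log into the
# initially empty file that an Apache Access log connector is watching.
# Function names and paths are hypothetical, not part of LEM.

# Print "first|last" request timestamps from an access log, taken from the
# bracketed time field of the common/combined log format.
log_time_range() {
    awk 'match($0, /\[[^]]*\]/) {
             t = substr($0, RSTART + 1, RLENGTH - 2)
             if (first == "") first = t
             last = t
         }
         END { if (first != "") printf "%s|%s\n", first, last }' "$1"
}

# Append $1 (old log) to $2 (file the connector reads).
# Refuses to run when the target does not already exist, so a mistyped path
# cannot silently create a file that the connector never reads.
backfill_log() {
    src=$1
    dst=$2
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 1; }
    [ -f "$dst" ] && [ -w "$dst" ] || {
        echo "target $dst is missing or not writable" >&2
        return 1
    }
    before=$(wc -l < "$dst")
    # Wall-clock window of the import: events get DetectionTime values in
    # roughly this range, regardless of the timestamps inside the log.
    start=$(date -u +%Y-%m-%dT%H:%M:%SZ)
    cat "$src" >> "$dst" || return 1
    end=$(date -u +%Y-%m-%dT%H:%M:%SZ)
    after=$(wc -l < "$dst")
    added=$(($after - $before))
    echo "appended=$added original_range=$(log_time_range "$src") import_window=$start..$end"
}
```

Keep the printed import window with your case notes: it tells you which Detection Time range holds the backfilled events.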

