Hello, I would like to have my logs from a distant subnet forwarded to a central ossec server. Some of these logs are UDP 514 syslog format from "appliances".
So, I was thinking that I change my current ossec server that is on that subnet (which now collects all logs) into a hybrid server and have it forward logs to my new central ossec server. Does that sound reasonable? I'm not sure how to re-configure the current ossec server to be a hybrid server... Can I simply add the <client> section to ossec.conf in addition to the <global> section? Do I need a <global> section anymore? Is it possible to send <remote> sections via agent.conf? Thanks, Scott
