I am using the following socat commands to meet my requirement: to route logs via TCP to the server.

Agent machine:

    socat udp4-recvfrom:1514,reuseaddr,fork tcp4:10.85.203.175:9999

Server machine:

    socat tcp4-listen:9999,reuseaddr,fork udp4:localhost:1514

Set the ossec server IP as 10.85.203.145 (agent machine) in agent manager. Tested DNS routing in the same way and got the response, but not in the case of ossec. Agent logs keep showing...

    2012/11/28 19:25:00 ossec-agent: INFO: Using IPv4 for: 10.85.203.145 .
    2012/11/28 19:25:21 ossec-agent(4101): WARN: Waiting for server reply (not started). Tried: '10.85.203.145'.

Any better socat commands? Anything else I need to know about how the agent works with the server? Could my requirement be met?
