I need to forward incoming UDP 514 to UDP 514 and UDP 5141 using iptables. Any ideas? I've already tried tcprewrite/tcpreplay and I can see the traffic over tcpdump but the listening socket on 5141 never gets it, even tried with nc -l -u -p 5141.

tcpdump -s0 -w - -U "host 10.1.99.182 and udp dst port 514"|tcprewrite --portmap=514:5141 --infile=- --outfile=-|tcpreplay --intf1=eth0 -

I need to forward incoming UDP 514 to UDP 514 and UDP 5141 using iptables. Any ideas? I've already tried tcprewrite/tcpreplay and I can see the traffic over tcpdump but the listening socket on 5141 never gets it, even tried with nc -l -u -p 5141.

tcpdump -s0 -w - -U "host 10.1.99.182 and udp dst port 514"|tcprewrite --portmap=514:5141 --infile=- --outfile=-|tcpreplay --intf1=eth0 -

What sort of hardware do you have between the origin and destination. Made sure you didn't have any limiting policies on a switch or anything?

Lets just say Splunk is crap and that I had to use another solution even more horrific than above.

Lets just say Splunk is crap and that I had to use another solution even more horrific than above.

You didn't have to touch a Windows app, did you? :p

That God no, but I did have to force Splunk to tail a hard file versus a FIFO because it can't keep up (pathetic) and had to abandon my efforts at a UDP listener because it bound to the external interface instead of ANY.