Table of Contents
samhain provides several hooks for external programs for (re-)processing the audit trail, including pipes, a System V message queue, and the option to call external programs.
It is possible to use named pipes as 'console' device(s) ( samhain supports up to two console devices, both of which may be named pipes. You can set the device path at compile time (see Section 6 ), and/or in the configuration file (see Section 8 ).
![[Note]](stylesheet-images/note.png) | Pipe full |
|---|---|
(Since version 4.0) samhain will do a nonblocking write. If the pipe is full, the write will silently fail and the message will be lost. |