2. System V message queue

2. System V message queue
Prev	Chapter 7. Hooks for External Programs	Next

2. System V message queue

It is possible to have a SystemV IPC message queue (which is definitely more elegant than named pipes) as additional 'console' device. You need to compile with --enable-message-queue= MODE and use the option MessageQueueActive= T/F .

The default mode is 0700 (rwx------), but this is a compile option (message queues are kernel-resident, but have access permissions like files).

In your code, to get the System V IPC key for the message queue, use ftok("localstatedir/lib/samhain", '#'); (since Samhain Version 4.0) or ftok("/tmp", '#'); (previous versions). Here, localstatedir/lib/samhain is the directory where samhain writes the database upon initialisation, i.e. /var/lib/samhain by default.

	Messages logged / Queue full
The message queue is treated as an additional 'console' device, i.e. the same messages go there that go to the console. (Since version 4.0) If the queue is full, the oldest message(s) will get deleted until there is enough free space for the current message. I.e. the queue will behave like a ring buffer.

Messages logged / Queue full

The message queue is treated as an additional 'console' device, i.e. the same messages go there that go to the console.

(Since version 4.0) If the queue is full, the oldest message(s) will get deleted until there is enough free space for the current message. I.e. the queue will behave like a ring buffer.

Prev	Up	Next
Chapter 7. Hooks for External Programs	Home	3. Calling external programs