/var/ossec/var/queue/alerts/execq
on which it waits for commands. If you try to send it a message using echo, or in some similar way, you'll receive an error message:
$ echo 1 message > /opt/ossec/var/queue/alerts/execq
bash: /opt/ossec/var/queue/alerts/execq: No such device or address
because it's not a pipe. It is, however, possible to send it a command "manually" using the socat utility. socat is a very capable utility with correspondingly complex syntax. In this case you should run it as follows:
$ socat - UNIX-CLIENT:/opt/ossec/var/queue/alerts/execq
What we are saying here is that we want socat to relay messages between stdin (the first address, the minus sign) and a UNIX socket on which it acts as a client (i.e. the socket must already have been opened/created).
Now, whatever you type will go to ossec-execd. This can be monitored either in OSSEC's logs or, if we start ossec-execd in debug mode (without forking), in the terminal.
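The behaviour described above can be reproduced without touching a live installation. This Python script is an added example, not code from the original post or from OSSEC. It builds a constructed stand-in socket in a temporary directory, shows that a plain open() (what the shell does for `echo ... > path`) fails with ENXIO while a socket client delivers the message, and reports the file mode, which decides who may send to the queue. It assumes Linux and a datagram-type socket; the `probe`, `send` and `demo` names and the 0660 mode are chosen for the illustration.

```python
import errno
import os
import socket
import stat
import tempfile


def probe(path):
    """Report the file type, the write permissions and the result of a plain open()."""
    st = os.stat(path)
    info = {
        "is_socket": stat.S_ISSOCK(st.st_mode),
        "is_fifo": stat.S_ISFIFO(st.st_mode),
        "mode": oct(stat.S_IMODE(st.st_mode)),
        "world_writable": bool(st.st_mode & stat.S_IWOTH),
        "open_error": None,
    }
    try:
        # Equivalent of the shell redirection in `echo ... > path`.
        os.close(os.open(path, os.O_WRONLY))
    except OSError as exc:
        # Linux returns ENXIO ("No such device or address") for a UNIX socket.
        info["open_error"] = errno.errorcode[exc.errno]
    return info


def send(path, message):
    """Deliver one message as a socket client, which is what socat does."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM) as client:
        client.connect(path)
        client.send(message)


def demo():
    # Constructed stand-in for the execq socket, not the real OSSEC queue.
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "execq")
        with socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM) as server:
            server.bind(path)
            os.chmod(path, 0o660)  # assumed mode: owner and group only
            info = probe(path)
            send(path, b"1 message")
            received = server.recv(1024)
    return info, received


if __name__ == "__main__":
    print(demo())
```

Running `probe()` against the real queue path on a host shows whether accounts other than the intended owner and group can write to it.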