I’m trying to use name pipes in syslog-ng. I first creat the file with the command mkfifo syslog_fifo and then setup syslog-ng to send logs to the file. Using the command tail –f syslog_fifo, I’m getting a lot of information. However, when I configure ossec to use this file as a syslog file, I’m getting the following information.
2008/12/22 15:50:04 ossec-logcollector(1116): ERROR: Error handling file '/root/syslog/syslog_fifo' (fseek). 2008/12/22 15:50:04 ossec-logcollector(1950): INFO: Analyzing file: '/ root/syslog/syslog_fifo'. 2008/12/22 15:50:04 ossec-logcollector: INFO: Started (pid: 9864). 2008/12/22 15:52:14 ossec-logcollector(1904): INFO: File not available, ignoring it: '/root/syslog/syslog_fifo'. Can ossec read named pipes files? If so, what should I do? Cheers Martin
