I was on 1.5 and is now on 1.6. Pipes is now working. However, it seems to have a minor issue with multiple pipes but I'm ok with a single pipel. I did notice syslog-ng starting to use a lot of cpu when sending 20K syslog messages per second. However, creating a ram disk and put the fifo/pipe file on the ram disk halved the cpu load.
Cheers On Dec 23 2008, 6:15 am, "Daniel Cid" <[email protected]> wrote: > Hi Martin, > > Which version of ossec are you using? We added support for pipes in > v1.6... > > Thanks, > > -- > Daniel B. Cid > dcid ( at ) ossec.net > > On Sun, Dec 21, 2008 at 10:57 PM, Martin <[email protected]> wrote: > > > I'm trying to use name pipes in syslog-ng. I first creat the file with > > the command mkfifo syslog_fifo and then setup syslog-ng to send logs > > to the file. Using the command tail –f syslog_fifo, I'm getting a lot > > of information. However, when I configure ossec to use this file as a > > syslog file, I'm getting the following information. > > > 2008/12/22 15:50:04 ossec-logcollector(1116): ERROR: Error handling > > file '/root/syslog/syslog_fifo' (fseek). > > 2008/12/22 15:50:04 ossec-logcollector(1950): INFO: Analyzing file: '/ > > root/syslog/syslog_fifo'. > > 2008/12/22 15:50:04 ossec-logcollector: INFO: Started (pid: 9864). > > 2008/12/22 15:52:14 ossec-logcollector(1904): INFO: File not > > available, ignoring it: '/root/syslog/syslog_fifo'. > > > Can ossec read named pipes files? If so, what should I do? > > Cheers > > Martin
