It is possible to have a SystemV IPC message queue
(which is definitely more elegant than named pipes) as
an additional 'console' device. You need to compile with
MODE and use the option
The default mode is 0700 (rwx------), but this is a compile option (message queues are kernel-resident, but have access permissions like files).
In your code, to get the System V IPC key
for the message queue, use
ftok("localstatedir/lib/samhain", '#'); (since Samhain Version 4.0) or
ftok("/tmp", '#'); (previous versions).
localstatedir/lib/samhain is the directory where
samhain writes the database upon initialisation, i.e.
|Messages logged / Queue full|
The message queue is treated as an additional 'console' device, i.e. the same messages go there that go to the console.
(Since version 4.0) If the queue is full, the oldest message(s) will get deleted until there is enough free space for the current message. I.e. the queue will behave like a ring buffer.
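A reader for this queue, as an added example that is not part of the Samhain distribution: it derives the key with ftok() as described above, attaches without creating the queue, and checks the owner and mode (the file-like permissions mentioned earlier) before reading. Assumptions: localstatedir is /var, the reader runs as the user that owns the queue, and the names queue_perms_ok and drain_queue are hypothetical helpers.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/ipc.h>
#include <sys/msg.h>

/* Assumption: localstatedir was /var at build time; pass another dir as argv[1]. */
#define STATE_DIR "/var/lib/samhain"
struct qmsg { long mtype; char mtext[]; };   /* generic System V message layout */

/* 1 if the queue belongs to `owner` and grants nothing to group/other
 * (the default mode 0700 passes; 0770 or 0707 do not). */
int queue_perms_ok(const struct msqid_ds *ds, uid_t owner)
{
    return ds->msg_perm.uid == owner && (ds->msg_perm.mode & 0077) == 0;
}

/* Print every pending message without blocking; returns count, or -1 on error. */
int drain_queue(int qid, size_t qbytes)
{
    struct qmsg *m = malloc(sizeof *m + qbytes + 1);
    ssize_t n;
    int count = 0;
    if (m == NULL) return -1;
    /* msgtyp 0 takes the oldest message of any type, so no type is assumed. */
    while ((n = msgrcv(qid, m, qbytes, 0, IPC_NOWAIT | MSG_NOERROR)) >= 0) {
        m->mtext[n] = '\0';
        printf("%s\n", m->mtext);
        count++;
    }
    if (errno != ENOMSG) count = -1;         /* ENOMSG just means "queue empty" */
    free(m);
    return count;
}

int main(int argc, char **argv)
{
    const char *dir = argc > 1 ? argv[1] : STATE_DIR;
    struct msqid_ds ds;
    key_t key = ftok(dir, '#');              /* key for Samhain 4.0 and later */
    int qid = (key == (key_t)-1) ? -1 : msgget(key, 0);  /* attach, never create */
    if (qid < 0 || msgctl(qid, IPC_STAT, &ds) < 0) { perror(dir); return 1; }
    if (!queue_perms_ok(&ds, geteuid())) {   /* assumes reader runs as queue owner */
        fprintf(stderr, "queue uid %u mode %o: refusing to read\n", (unsigned)ds.msg_perm.uid, (unsigned)(ds.msg_perm.mode & 0777));
        return 1;
    }
    return drain_queue(qid, ds.msg_qbytes) < 0;
}
```

Receiving a message removes it from the queue, so run only one such reader per queue.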