
Friday, August 17, 2012

How to communicate with OSSEC daemons via Unix socket...

OSSEC daemons, when started, open Unix sockets for local communication. For example, ossec-execd opens the following socket:
/var/ossec/var/queue/alerts/execq
on which it waits for commands. If you try to send it a message using echo, or in some similar way, you'll receive an error message:

$ echo 1 message > /opt/ossec/var/queue/alerts/execq
bash: /opt/ossec/var/queue/alerts/execq: No such device or address
because it's not a pipe. But it is possible to "manually" send it a command using the socat utility. socat is a very capable utility with equally complex syntax. In this case you should run it as follows:
$ socat - UNIX-CLIENT:/opt/ossec/var/queue/alerts/execq 
What we are saying in this case is that we want socat to relay messages between stdin (the first address, the minus sign) and a Unix socket on which it is a client (i.e. the socket already has to be opened/created).

Now, whatever you type will go to ossec-execd. This can be monitored either in OSSEC's logs or, if we start ossec-execd in debug mode (without forking), in the terminal.
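
The difference between redirecting into the socket path and connecting to it as a client can be reproduced without touching a running OSSEC installation. The following is an added example, not code from the original post or from OSSEC: it binds its own stand-in listener in a temporary directory (assumed here to be a datagram socket), and the function names are hypothetical.

```python
import errno
import os
import socket
import tempfile


def try_redirect(path, data):
    # Mimic `echo ... > path`: open() the path for writing; return errno, 0 on success.
    try:
        with open(path, "wb", buffering=0) as fh:
            fh.write(data)
    except OSError as exc:
        return exc.errno
    return 0


def send_as_client(path, data):
    # Connect to an existing Unix socket as a client: try stream, then datagram.
    for kind in (socket.SOCK_STREAM, socket.SOCK_DGRAM):
        client = socket.socket(socket.AF_UNIX, kind)
        try:
            client.connect(path)
            client.send(data)
            return kind
        except OSError:
            continue
        finally:
            client.close()
    raise ConnectionError("no listener accepted a connection on " + path)


def demo():
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "execq")  # constructed path, not the OSSEC one
        server = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
        server.bind(path)  # the listener must exist before any client connects
        server.settimeout(2)
        try:
            redirect_errno = try_redirect(path, b"1 message\n")
            kind = send_as_client(path, b"1 message\n")
            received = server.recv(1024)
        finally:
            server.close()
    return redirect_errno, kind, received


if __name__ == "__main__":
    err, kind, received = demo()
    print(errno.errorcode.get(err, err), kind.name, received)
```

On Linux the redirect attempt fails with ENXIO, which is the "No such device or address" message bash prints above, while the client connection delivers the message to the listener.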
