Hi list, Hopefully anyone can point me in the right direction. I've got some trouble getting the events-mail plugin to work with the botnet plugin. The botnet plugin seems to work fine with the events plugin though (In the Alerts section it shows me the Botnets Alert with status fired).
While starting nfsen the plugins seem to be initialized corectly: Dec 16 01:40:57 NFSEN nfsen[12064]: Frontend module 'Events.php' found Dec 16 01:40:57 NFSEN nfsen[12064]: Loading plugin 'Events': Success Dec 16 01:40:57 NFSEN nfsen[12064]: Initializing plugin 'Events': Success Dec 16 01:40:57 NFSEN nfsen[12064]: plugin 'Events': Profile plugin: 1, Alert condition plugin: 0, Alert action plugin: 0 Dec 16 01:40:57 NFSEN nfsen[12064]: Loading plugin 'Events_mail': Success Dec 16 01:40:57 NFSEN nfsen[12064]: Initializing plugin 'Events_mail': Success Dec 16 01:40:57 NFSEN nfsen[12064]: plugin 'Events_mail': Profile plugin: 1, Alert condition plugin: 0, Alert action plugin: 0 Dec 16 01:40:57 NFSEN nfsen[12064]: Loading plugin 'Botnets': Success Dec 16 01:40:57 NFSEN nfsen[12064]: Initializing plugin 'Botnets': Success Dec 16 01:40:57 NFSEN nfsen[12064]: plugin 'Botnets': Profile plugin: 0, Alert condition plugin: 1, Alert action plugin: 0 Dec 16 01:40:57 NFSEN nfsen[12064]: Plugins for profile : ./live - PortTracker,Events,Events_mail Dec 16 01:40:57 NFSEN nfsen[12064]: Plugins for Alert conditions: Botnets After 5 min I can see in the Logfile the processing: Dec 16 01:40:23 NFSEN nfsen[11897]: Process alert 'botnets' Dec 16 01:40:26 NFSEN nfsen[11897]: Alert 'botnets' execute action I tried both possible Actions in the 'botnets' Alert in the Webinterface: No action --> then it won't send me an email Send alert email, To: <myemailaddress> --> It sends me an email with the Subject Alert triggered (as configured beneath). Problem is, it doesn't send me an email using one of the mail-templates. (Tried botnet_iodef.tp and botnet.tp out of the events-mail plugin and out of the botnets plugin) So far it sends me an email with e.g. "Alert 'botnets' triggered at timeslot 201012131655" and nothing more. The template_home => "$VARDIR/mail-templates",' Directory does exist on my server. The Pluginconf Section for the events_mail I copy and pasted from the wiki. If it worked this would be great so I could see in the mail which Destination or Source the Suspected bot was. Has anyone managed to get this working? Any hints or ideas how to debug this further? Maybe I made a stupid config error in the webinterface with the alert but I'm pretty sure I configured everything according to the documentation on http://sourceforge.net/apps/trac/nfsen-plugins/wiki/Events-mail. As this would be a nice add-on to my nfsen installation any help is greatly apreciated. Kind regards Lino ------------------------------------------------------------------------------ Lotusphere 2011 Register now for Lotusphere 2011 and learn how to connect the dots, take your collaborative environment to the next level, and enter the era of Social Business. http://p.sf.net/sfu/lotusphere-d2d _______________________________________________ Nfsen-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
