Our config is pretty standard with respect to the ossec.conf.  The
only non-standard thing we have is that we are using port 9025 for
SMTP on the mail server we are using rather than 25.  We have that
changed in the sendmail.c file that is used when everything is
compiled:

OSSEC.CONF

  <global>
    <email_notification>yes</email_notification>
    <email_to>os...@xxxxxxxxxx.xxx</email_to>
    <smtp_server>dcprpafszenoss2.xxxxxxxxxx.xxx</smtp_server>
    <email_from>oss...@xxxxxxxxxx.xxx</email_from>
    <email_maxperhour>1000</email_maxperhour>
  </global>

SENDMAIL.C

/* Default values use to connect */
#define SMTP_DEFAULT_PORT       9025
#define HELOMSG                 "Helo notify.ossec.net\r\n"
#define MAILFROM                "Mail From: <%s>\r\n"
#define RCPTTO                  "Rcpt To: <%s>\r\n"
#define DATAMSG                 "DATA\r\n"
#define FROM                    "From: OSSEC HIDS <%s>\r\n"
#define TO                          "To: <%s>\r\n"
#define CC                          "Cc: <%s>\r\n"
#define SUBJECT                 "Subject: %s\r\n"
#define ENDDATA                 "\r\n.\r\n"
#define QUITMSG                 "QUIT\r\n"

It was working prior to the increase of the number of agents supported
and the recompile.  I ran a tcpdump on the manager and don't see the
manager even attempting to try to connect to the SMTP host on port
9025, only using the agent/manager connection between the two boxes.



On Mar 27, 3:36 pm, "dan (ddp)" <ddp...@gmail.com> wrote:
> What's your mail configuration in the manager's ossec.conf?
>
> I wish ossec was compiled with -ggdb by default. It might make the gdb
> information a bit easier to follow.
>
>
>
> On Thu, Mar 22, 2012 at 1:47 PM, MDACC-Luckie <luckief...@gmail.com> wrote:
> > I increased the number of agents my installation was capable of
> > supporting, reinstalled and then copied my saved ossec.conf file and
> > internal_options.conf into the ossec/etc directory and restarted
> > ossec.  My ossec-maild daemon starts, runs for a few seconds and then
> > dies.
>
> > I ran the following based on a previous email thread I saw and have
> > attached the results.  Please let me know if anyone has ideas on why
> > it is happening:
>
> > [root@dcprpoemprddb1 logs]# gdb /opt/ossec/bin/ossec-maild
> > GNU gdb (GDB) Red Hat Enterprise Linux (7.0.1-23.el5_5.2)
> > Copyright (C) 2009 Free Software Foundation, Inc.
> > License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
> > This is free software: you are free to change and redistribute it.
> > There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
> > and "show warranty" for details.
> > This GDB was configured as "x86_64-redhat-linux-gnu".
> > For bug reporting instructions, please see:
> > <http://www.gnu.org/software/gdb/bugs/>...
> > Reading symbols from /opt/ossec/bin/ossec-maild...done.
> > (gdb) set follow-fork-mode child
> > (gdb) run
> > Starting program: /opt/ossec/bin/ossec-maild
> > [New process 2615]
> > [New process 2616]
>
> > Program received signal SIGSEGV, Segmentation fault.
> > [Switching to process 2616]
> > 0x000000387c879b60 in strlen () from /lib64/libc.so.6
> > (gdb) bt
> > #0  0x000000387c879b60 in strlen () from /lib64/libc.so.6
> > #1  0x000000387c846cb9 in vfprintf () from /lib64/libc.so.6
> > #2  0x000000387c8699da in vsnprintf () from /lib64/libc.so.6
> > #3  0x000000387c84d5e3 in snprintf () from /lib64/libc.so.6
> > #4  0x0000000000402d66 in OS_RecvMailQ (fileq=0x635640, p=0x387cb56cc0, Mail=0x7fffffffe870, msg_sms=0x7fffffffe7e0) at os_maild_client.c:96
> > #5  0x0000000000402848 in OS_Run (mail=0x7fffffffe870) at maild.c:381
> > #6  0x00000000004023d0 in main (argc=1, argv=0x7fffffffe9f8) at maild.c:171
> > (gdb)