Hi Daniil,

Thank you very much for the advice with enabling debug!!
I've now looked into the ossec.log and it says:

*2015/07/05 03:34:02 ossec-maild(1223): ERROR: Error Sending email to 127.0.0.1 (smtp server)*
2015/07/05 15:03:18 ossec-syscheckd: INFO: Starting syscheck scan.
2015/07/05 15:16:37 ossec-syscheckd: INFO: Ending syscheck scan.
2015/07/05 15:21:37 ossec-rootcheck: INFO: Starting rootcheck scan.
2015/07/05 15:24:22 ossec-rootcheck: INFO: Ending rootcheck scan.
2015/07/06 11:19:22 ossec-syscheckd: INFO: Starting syscheck scan.
2015/07/06 11:32:41 ossec-syscheckd: INFO: Ending syscheck scan.
2015/07/06 11:37:41 ossec-rootcheck: INFO: Starting rootcheck scan.
2015/07/06 11:40:28 ossec-rootcheck: INFO: Ending rootcheck scan.
*2015/07/06 19:03:11 ossec-maild(1223): ERROR: Error Sending email to 127.0.0.1 (smtp server)*
2015/07/06 19:03:14 ossec-monitord(1225): INFO: SIGNAL Received. Exit Cleaning...
2015/07/06 19:03:14 ossec-logcollector(1225): INFO: SIGNAL Received. Exit Cleaning...
2015/07/06 19:03:14 ossec-syscheckd(1225): INFO: SIGNAL Received. Exit Cleaning...
2015/07/06 19:03:14 ossec-analysisd(1225): INFO: SIGNAL Received. Exit Cleaning...
2015/07/06 19:03:14 ossec-maild(1225): INFO: SIGNAL Received. Exit Cleaning...
2015/07/06 19:03:14 ossec-execd(1314): INFO: Shutdown received. Deleting responses.
2015/07/06 19:03:14 ossec-execd(1225): INFO: SIGNAL Received. Exit Cleaning...
2015/07/06 19:03:15 ossec-testrule: INFO: Reading local decoder file.
2015/07/06 19:03:15 ossec-testrule: INFO: Started (pid: 1900).


*2015/07/06 19:03:15 ossec-maild: DEBUG: Starting ...*
*2015/07/06 19:03:15 ossec-maild: INFO: Chrooted to directory: /var/ossec, using user: ossecm*
*2015/07/06 19:03:15 ossec-maild: INFO: Started (pid: 1921).*
2015/07/06 19:03:15 ossec-analysisd: DEBUG: Starting ...
2015/07/06 19:03:15 ossec-analysisd: DEBUG: Found user/group ...
2015/07/06 19:03:15 ossec-analysisd: DEBUG: Active response initialized ...

I've no idea why it says it can't send mails to localhost.
Do you think this could be an iptables or SELinux issue? Although I've set 
SELinux to status "Permissive", so it actually shouldn't block anything.

I have an assumption why it's not working.
When I do a netstat -plntu I can only see the server listening on the SSH 
port. 

For my mail setup I only use SSMTP (to relay it to gmail.com). Do I also 
need a postfix setup for local mailing? The postfix config lets you relay 
mails locally...
What is your mail setup on the server?
I think the ossec-maild needs a local MTA listening on port 25 to send 
emails out to ssmtp ?!

What do you think?
Please help!

On Sunday, 5 July 2015 14:02:29 UTC+2, Daniil Svetlov wrote:
>
> Theresa, try to issue the command /var/ossec/bin/ossec-control enable debug. 
> It will increase log verbosity. Then restart OSSEC, and check 
> /var/ossec/log/ossec.log.
> Also, after the restart, try to issue the command "ps aux | grep ossec", and 
> check that the ossec-maild process is running.
>
> On Sat, 4 July 2015 at 19:13, theresa mic-snare <rockpr...@gmail.com> wrote:
>
>> I've also tried disabling iptables, but that didn't help either...
>> but then again I can send out emails with mailx just fine, so I don't 
>> think it's iptables blocking anyway...
>>
>> Any ideas?
>>
>>
>> On Saturday, 4 July 2015 16:41:47 UTC+2, theresa mic-snare wrote:
>>>
>>> Hi Daniil, 
>>>
>>> I've already done that. The maillog doesn't show the mail being sent, 
>>> but there isn't an error either. It seems that the ossec-maild isn't even 
>>> relaying it to the local smtp mta (ssmtp) because as said before I can send 
>>> out mails with mailx just fine. 
>>>
>>> The ossec.log doesn't even mention the ossec-maild even though the 
>>> process is running... 
>>> Hmm
>>
>>  -- 
>>
>> --- 
>> You received this message because you are subscribed to the Google Groups 
>> "ossec-list" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to ossec-list+...@googlegroups.com.
>> For more options, visit https://groups.google.com/d/optout.
>>
> -- 
>
> --
> Best regards, Daniil Svetlov.
>  
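
A diagnostic for the question raised in this message, added here as an example and not part of the original thread or of OSSEC: it pulls the failing SMTP target out of ossec-maild error lines and then checks whether anything answers there with an SMTP greeting. The function names, the sample log text (constructed in the format quoted above) and the default of port 25 (taken from the message's own hypothesis) are assumptions.

```python
import re
import socket

# Constructed sample in the format of the ossec.log lines quoted in the thread.
SAMPLE_LOG = """\
2015/07/05 03:34:02 ossec-maild(1223): ERROR: Error Sending email to 127.0.0.1 (smtp server)
2015/07/05 15:03:18 ossec-syscheckd: INFO: Starting syscheck scan.
2015/07/06 19:03:11 ossec-maild(1223): ERROR: Error Sending email to 127.0.0.1 (smtp server)
2015/07/06 19:03:15 ossec-maild: INFO: Started (pid: 1921).
"""

MAILD_ERROR = re.compile(
    r"^(\S+ \S+) ossec-maild\(\d+\): ERROR: Error Sending email to (\S+) \(smtp server\)"
)

def maild_failures(log_text):
    """Return {smtp_server: [timestamps]} for every ossec-maild send error."""
    failures = {}
    for line in log_text.splitlines():
        m = MAILD_ERROR.match(line.strip("* "))  # tolerate mail-client bold markers
        if m:
            failures.setdefault(m.group(2), []).append(m.group(1))
    return failures

def probe_smtp(host, port=25, timeout=3.0):
    """Connect like an SMTP client and classify what answers on host:port."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            banner = s.recv(512).decode("ascii", "replace").strip()
    except ConnectionRefusedError:
        # A send-only tool such as ssmtp opens no listening port.
        return ("refused", "nothing is listening on this port")
    except OSError as exc:  # includes timeouts and routing errors
        return ("unreachable", str(exc))
    if banner.startswith("220"):
        return ("ok", banner)
    return ("not-smtp", banner or "connection closed without a greeting")

if __name__ == "__main__":
    for server, stamps in maild_failures(SAMPLE_LOG).items():
        status, detail = probe_smtp(server)
        print(f"{server}: {len(stamps)} failed sends, probe={status} ({detail})")
```

A "refused" result for 127.0.0.1 matches the netstat observation in the message, where only the SSH port was listening.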
