Greetings,
We are using OSSEC as provided by CloudAware. I'm in the process of setting
up some custom alerts for testing, alerts I would like to receive via
email.
I am able to send email from the Linux host via the following:
echo "test" | mail -s "subject line" myem...@domain.name
To help troubleshoot, I've set the following debug options in
internal_options.conf:
syscheck.debug=1
agent.debug=1
And here is what I've configured in ossec.conf:
<ossec_config>
<client>
<server-hostname>cloud aware server</server-hostname>
</client>
<global>
<email_notification>yes</email_notification>
<email_to>my email address</email_to>
<smtp_server>127.0.0.1</smtp_server>
<email_from>r...@dns.name</email_from>
</global>
<email_alerts>
<level>1</level>
<do_not_delay />
</email_alerts>
I see no errors in the ossec.log file that indicates that it's even
attempting to send mail. Am I correct that it should attempt to send me an
email each time I restart OSSEC - that looks to be a level 7 alert.
Any suggestions for troubleshooting would be MUCH appreciated - it feels
like there might be an override setting that I'm simply not aware of, but I
have yet to find anything of that nature.
--
---
You received this message because you are subscribed to the Google Groups
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ossec-list+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
