Hi, Can i use third party email provider to send OSSEC emails ? For example AWS's SES service.
On Thu, Mar 24, 2016 at 3:27 PM, sandeep dubey <sandeep.san...@gmail.com> wrote: > Thanks for the update. > On 24-Mar-2016 3:09 PM, "dan (ddp)" <ddp...@gmail.com> wrote: > >> >> On Mar 24, 2016 12:21 AM, "sandeep dubey" <sandeep.san...@gmail.com> >> wrote: >> > >> > Got it, thanks much. Is it suggested to remove that line for these >> rules ? >> > >> >> That's between you and your security policy. I personally like 1002, I >> even wrote a faq entry on it. >> >> > On Wed, Mar 23, 2016 at 7:52 PM, dan (ddp) <ddp...@gmail.com> wrote: >> >> >> >> On Wed, Mar 23, 2016 at 10:19 AM, sandeep dubey >> >> <sandeep.san...@gmail.com> wrote: >> >> > Thanks Dan for the reply. >> >> > >> >> > I couldn't understand your comment - >> >> > >> >> > Both of these set: >> >> > <options>alert_by_email</options> >> >> > >> >> >> >> If you look at /var/ossec/rules/syslog_rules.xml, you can see rule >> >> 10100 sets the above option. This means it will always send an email >> >> when it is triggered. >> >> Rule 1002 has the same option set. So no matter what your minimum rule >> >> level is, these rules will trigger emails. >> >> >> >> > On Wed, Mar 23, 2016 at 7:37 PM, dan (ddp) <ddp...@gmail.com> wrote: >> >> >> >> >> >> On Wed, Mar 23, 2016 at 10:01 AM, sandeep dubey >> >> >> <sandeep.san...@gmail.com> wrote: >> >> >> >> Ok, so it works when you use an individual email address, but >> not when >> >> >> >> you use a group? Which system handles the group email address? >> Can >> >> >> >> you check the logs there? >> >> >> > >> >> >> > Yes, when i use group emails are not being relayed. I am using >> Google >> >> >> > service. In logs i don't find anything except mentioned in >> previous >> >> >> > thread. >> >> >> >> >> >> Use tcpdump to see if there is any difference between the 2 email >> >> >> addresses. >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> > One more observation is that, even though email alerts is >> configured >> >> >> >> > for >> >> >> >> > level 8, I am still getting alerts for level 2,3,4 etc. >> >> >> >> > >> >> >> >> >> >> >> >> That's very strange. I trust you've verified that the rules of >> level < >> >> >> >> 8 that trigger email alerts don't have >> >> >> >> "<options>alert_by_email</options>" set. >> >> >> >> Which rules with level < 8 are triggering emails? >> >> >> > >> >> >> > >> >> >> > Triggered emails are of level 2,4 and rules id is 1002,10100 >> >> >> > >> >> >> >> >> >> Both of these set: >> >> >> <options>alert_by_email</options> >> >> >> >> >> >> -- >> >> >> >> >> >> --- >> >> >> You received this message because you are subscribed to the Google >> Groups >> >> >> "ossec-list" group. >> >> >> To unsubscribe from this group and stop receiving emails from it, >> send an >> >> >> email to ossec-list+unsubscr...@googlegroups.com. >> >> >> For more options, visit https://groups.google.com/d/optout. >> >> > >> >> > >> >> > >> >> > >> >> > -- >> >> > Regards, >> >> > Sandeep >> >> > >> >> > -- >> >> > >> >> > --- >> >> > You received this message because you are subscribed to the Google >> Groups >> >> > "ossec-list" group. >> >> > To unsubscribe from this group and stop receiving emails from it, >> send an >> >> > email to ossec-list+unsubscr...@googlegroups.com. >> >> > For more options, visit https://groups.google.com/d/optout. >> >> >> >> -- >> >> >> >> --- >> >> You received this message because you are subscribed to the Google >> Groups "ossec-list" group. >> >> To unsubscribe from this group and stop receiving emails from it, send >> an email to ossec-list+unsubscr...@googlegroups.com. >> >> For more options, visit https://groups.google.com/d/optout. >> > >> > >> > >> > >> > -- >> > Regards, >> > Sandeep >> > >> > -- >> > >> > --- >> > You received this message because you are subscribed to the Google >> Groups "ossec-list" group. >> > To unsubscribe from this group and stop receiving emails from it, send >> an email to ossec-list+unsubscr...@googlegroups.com. >> > For more options, visit https://groups.google.com/d/optout. >> >> -- >> >> --- >> You received this message because you are subscribed to the Google Groups >> "ossec-list" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to ossec-list+unsubscr...@googlegroups.com. >> For more options, visit https://groups.google.com/d/optout. >> > -- Regards, Sandeep -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
