Thanks Pedro for the quick reply.

Let me try at my setup, will update this thread if I fail to do so.

On Wed, Mar 30, 2016 at 3:19 PM, Pedro S <pe...@wazuh.com> wrote:

> You can set up on OSSEC any SMTP server and it will use it to send the
> emails, BUT OSSEC is not able to use SMTP authentication.
>
> Amazon SES works with TLS authentication, so I don't think OSSEC
> out of the box can use Amazon SES.
>
> Instead of that you can probably configure Amazon SES SMTP account into a
> local postfix server, and then set up OSSEC to send emails using postfix (I
> made this before with other SMTP TLS servers).
>
> OSSEC -> postfix -> Amazon SES.
>
>
>
>
> On Wednesday, March 30, 2016 at 11:36:41 AM UTC+2, sandeep wrote:
>>
>> Hi,
>>
>> Can I use a third-party email provider to send OSSEC emails? For example,
>> AWS's SES service.
>>
>> On Thu, Mar 24, 2016 at 3:27 PM, sandeep dubey <sandeep...@gmail.com>
>> wrote:
>>
>>> Thanks for the update.
>>> On 24-Mar-2016 3:09 PM, "dan (ddp)" <ddp...@gmail.com> wrote:
>>>
>>>>
>>>> On Mar 24, 2016 12:21 AM, "sandeep dubey" <sandeep...@gmail.com> wrote:
>>>> >
>>>> > Got it, thanks much. Is it suggested to remove that line for these rules?
>>>> >
>>>>
>>>> That's between you and your security policy. I personally like 1002, I
>>>> even wrote a faq entry on it.
>>>>
>>>> > On Wed, Mar 23, 2016 at 7:52 PM, dan (ddp) <ddp...@gmail.com> wrote:
>>>> >>
>>>> >> On Wed, Mar 23, 2016 at 10:19 AM, sandeep dubey
>>>> >> <sandeep...@gmail.com> wrote:
>>>> >> > Thanks Dan for the reply.
>>>> >> >
>>>> >> > I couldn't understand your comment -
>>>> >> >
>>>> >> > Both of these set:
>>>> >> > <options>alert_by_email</options>
>>>> >> >
>>>> >>
>>>> >> If you look at /var/ossec/rules/syslog_rules.xml, you can see rule
>>>> >> 10100 sets the above option. This means it will always send an email
>>>> >> when it is triggered.
>>>> >> Rule 1002 has the same option set. So no matter what your minimum rule
>>>> >> level is, these rules will trigger emails.
>>>> >>
>>>> >> > On Wed, Mar 23, 2016 at 7:37 PM, dan (ddp) <ddp...@gmail.com> wrote:
>>>> >> >>
>>>> >> >> On Wed, Mar 23, 2016 at 10:01 AM, sandeep dubey
>>>> >> >> <sandeep...@gmail.com> wrote:
>>>> >> >> >> Ok, so it works when you use an individual email address, but not when
>>>> >> >> >> you use a group?  Which system handles the group email address? Can
>>>> >> >> >> you check the logs there?
>>>> >> >> >
>>>> >> >> > Yes, when I use group emails are not being relayed. I am using Google
>>>> >> >> > service. In logs I don't find anything except mentioned in previous
>>>> >> >> > thread.
>>>> >> >>
>>>> >> >> Use tcpdump to see if there is any difference between the 2 email
>>>> >> >> addresses.
>>>> >> >>
>>>> >> >> >>
>>>> >> >> >>
>>>> >> >> >> > One more observation is that, even though email alerts is configured
>>>> >> >> >> > for level 8, I am still getting alerts for level 2,3,4 etc.
>>>> >> >> >> >
>>>> >> >> >>
>>>> >> >> >> That's very strange. I trust you've verified that the rules of level <
>>>> >> >> >> 8 that trigger email alerts don't have
>>>> >> >> >> "<options>alert_by_email</options>" set.
>>>> >> >> >> Which rules with level < 8 are triggering emails?
>>>> >> >> >
>>>> >> >> >
>>>> >> >> > Triggered emails are of level 2,4 and rules id is 1002,10100
>>>> >> >> >
>>>> >> >>
>>>> >> >> Both of these set:
>>>> >> >> <options>alert_by_email</options>
>>>> >> >>
>>>> >> >> --
>>>> >> >>
>>>> >> >> ---
>>>> >> >> You received this message because you are subscribed to the
>>>> Google Groups
>>>> >> >> "ossec-list" group.
>>>> >> >> To unsubscribe from this group and stop receiving emails from it,
>>>> send an
>>>> >> >> email to ossec-list+...@googlegroups.com.
>>>> >> >> For more options, visit https://groups.google.com/d/optout.
>>>> >> >
>>>> >> >
>>>> >> >
>>>> >> >
>>>> >> > --
>>>> >> > Regards,
>>>> >> > Sandeep
>>>> >> >
>>>> >>
>>>> >
>>>> >
>>>> >
>>>> >
>>>> > --
>>>> > Regards,
>>>> > Sandeep
>>>> >
>>>>
>>>>
>>>
>>
>>
>> --
>> Regards,
>> Sandeep
>>
>



-- 
Regards,
Sandeep
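
Added example (not part of the original thread and not OSSEC's own code): a Python check that lists rules carrying `<options>alert_by_email</options>` below a chosen email alert level, the situation discussed above for rules 1002 and 10100. The rule snippets, the filler rule IDs 100001 and 100002, the descriptions and the function name `forced_email_rules` are constructed for illustration; feed it the contents of a rules file such as /var/ossec/rules/syslog_rules.xml.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the layout of an OSSEC rules file: several top-level
# <group> elements and no single root. IDs 1002/10100 and levels 2/4 follow
# the thread; everything else here is made up for the example.
SAMPLE_RULES = """
<group name="syslog,errors,">
  <rule id="1002" level="2">
    <match>error|failure</match>
    <options>alert_by_email</options>
    <description>constructed: generic error keyword</description>
  </rule>
  <rule id="100001" level="3">
    <description>constructed: low level, no email option</description>
  </rule>
</group>
<group name="syslog,">
  <rule id="10100" level="4">
    <options>alert_by_email</options>
    <description>constructed: first-time event</description>
  </rule>
  <rule id="100002" level="10">
    <options>no_log</options>
    <options>alert_by_email</options>
    <description>constructed: already above the threshold</description>
  </rule>
</group>
"""

def forced_email_rules(rules_xml, email_alert_level):
    """Return (id, level, description) for rules that email below the threshold."""
    # A rules file has many top-level elements, so wrap it in a synthetic root
    # before handing it to a strict XML parser.
    root = ET.fromstring("<rules>" + rules_xml + "</rules>")
    hits = []
    for rule in root.iter("rule"):
        level = int(rule.get("level", "0"))
        # A rule may carry several <options> elements; collect all of them.
        options = {(o.text or "").strip() for o in rule.findall("options")}
        if "alert_by_email" in options and level < email_alert_level:
            desc = rule.findtext("description", "").strip()
            hits.append((rule.get("id"), level, desc))
    return sorted(hits, key=lambda h: int(h[0]))

if __name__ == "__main__":
    for rule_id, level, desc in forced_email_rules(SAMPLE_RULES, 8):
        print(f"rule {rule_id} (level {level}) emails regardless of threshold: {desc}")
```
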
