Hi, I installed ossec local on my cloud server and configured ossec.conf as follows. I tried to detect new additions using <alert_new_files>yes</alert_new_files>.

<global>
  <email_notification>yes</email_notification>
  <email_to>my_em...@example.com</email_to>
  <smtp_server>ns0.bt.net.</smtp_server>
  <email_from>my_em...@example.com</email_from>
</global>

<syscheck>
  <!-- Frequency that syscheck is executed - default to every 22 hours -->
  <frequency>79200</frequency>
  <alert_new_files>yes</alert_new_files>

  <!-- Directories to check (perform all possible verifications) -->
  <directories report_changes="yes" realtime="yes" check_all="yes">/etc,/usr/bin,/usr/sbin</directories>
  <directories report_changes="yes" realtime="yes" check_all="yes">/bin,/sbin</directories>
  <directories report_changes="yes" realtime="yes" check_all="yes">/home/user_name</directories>
</syscheck>

The local_rules.xml is like:

<group name="local,syslog,">

  <!-- Note that rule id 5711 is defined at the ssh_rules file
    -  as a ssh failed login. This is just an example
    -  since ip 1.1.1.1 shouldn't be used anywhere.
    -  Level 0 means ignore.
    -->
  <rule id="100001" level="0">
    <if_sid>5711</if_sid>
    <srcip>1.1.1.1</srcip>
    <description>Example of rule that will ignore sshd </description>
    <description>failed logins from IP 1.1.1.1.</description>
  </rule>

  <rule id="554" level="7" overwrite="yes">
    <category>ossec</category>
    <decoded_as>syscheck_new_entry</decoded_as>
    <description>File added to the system.</description>
    <group>syscheck,</group>
  </rule>

</group> <!-- SYSLOG,LOCAL -->

Now, if I add a file in home/user_name, there is no email notification coming through the SMTP server. I am using smtp.bt.net, using dig -t mx smtp.bt.net to get the SMTP server.

What are the possible reasons that I am not getting the email?

Many thanks
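
Added example, not part of the original post and not OSSEC project code: a Python check of the prerequisites that the configuration above relies on for new-file e-mail alerts. The function name, the placeholder address, the default e-mail threshold of 7 and the stock level 0 for rule 554 are assumptions marked in the code.

```python
import xml.etree.ElementTree as ET

# Constructed fragments modelled on the post; the e-mail address is a placeholder.
OSSEC_CONF = """
<global>
  <email_notification>yes</email_notification>
  <email_to>placeholder@example.com</email_to>
  <smtp_server>ns0.bt.net.</smtp_server>
</global>
<syscheck>
  <frequency>79200</frequency>
  <alert_new_files>yes</alert_new_files>
  <directories realtime="yes" check_all="yes">/home/user_name</directories>
</syscheck>
"""
LOCAL_RULES = """
<group name="local,syslog,">
  <rule id="554" level="7" overwrite="yes">
    <decoded_as>syscheck_new_entry</decoded_as>
    <description>File added to the system.</description>
  </rule>
</group>
"""
EMAIL_ALERT_LEVEL_DEFAULT = 7  # assumption: used when <alerts> sets no email_alert_level
STOCK_RULE_554_LEVEL = 0       # assumption: level of rule 554 when not overwritten

def check_new_file_email(conf_text, rules_text):
    """Return (findings, max_delay_seconds) for new-file e-mail alerts."""
    # ossec.conf fragments have no single root element, so wrap them.
    conf = ET.fromstring(f"<root>{conf_text}</root>")
    rules = ET.fromstring(f"<root>{rules_text}</root>")
    get = lambda path, default="": (conf.findtext(path) or default).strip()
    findings = []
    if get("global/email_notification") != "yes":
        findings.append("global/email_notification is not 'yes'")
    for key in ("email_to", "smtp_server"):
        if not get(f"global/{key}"):
            findings.append(f"global/{key} is empty")
    if get("syscheck/alert_new_files") != "yes":
        findings.append("syscheck/alert_new_files is not 'yes'")
    threshold = int(get("alerts/email_alert_level", str(EMAIL_ALERT_LEVEL_DEFAULT)))
    rule = rules.find(".//rule[@id='554']")
    level = int(rule.get("level")) if rule is not None else STOCK_RULE_554_LEVEL
    if level < threshold:
        findings.append(f"rule 554 level {level} is below e-mail threshold {threshold}")
    # OSSEC documents alert_new_files as a full-scan feature that does not work in
    # realtime, so a new file can go unreported for up to <frequency> seconds.
    return findings, int(get("syscheck/frequency", "0"))

if __name__ == "__main__":
    print(check_new_file_email(OSSEC_CONF, LOCAL_RULES))
```

An empty findings list with a delay of 79200 means the settings are consistent and the remaining variables are the scan timing and mail delivery through the configured smtp_server.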