On Wed, Sep 28, 2016 at 12:56 PM, Laura Herrera <pequ...@gmail.com> wrote: > Hi Dan, > > Changing subject a bit, do you know if it's possible to have alerts in > ossec calling a script instead of sending an email directly? >
Other than active response, no. > Ta > Laura > > > On Wednesday, 28 September 2016 16:37:57 UTC+1, Laura Herrera wrote: >> >> Hi Dan, >> >> Yes, thank you, i have been trying to get this working all day. >> >> I am running ossec on an ubuntu 14.04 server and i need to be able to >> email alerts of course. >> >> I saw in a separate post that ossec actually needs smtp listening on the >> local server, and so i decided to use postfix as a relay. >> To make things more complicated, my mail server is in office 365. >> >> Here my configurations: >> /etc/postfix/main.cf (changes from original) >> >> smtp_sasl_auth_enable = yes >> smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd >> smtp_generic_maps = hash:/etc/postfix/generic >> >> myhostname = ossec-1.example.com >> alias_maps = hash:/etc/aliases >> alias_database = hash:/etc/aliases >> myorigin = /etc/mailname >> mydestination = localhost.localdomain, localhost >> relayhost = smtp.office365.com:587 >> mynetworks = 127.0.0.0/8, 10.0.0.0/8 >> >> /etc/postfix/generic >> /.*/ u...@example.com >> >> >> /etc/postfix/sasl_passwd >> [smtp.office365.com]:587 u...@example.com:MyPassword >> >> >> ossec.conf >> <global> >> <jsonout_output>no</jsonout_output> >> <email_notification>yes</email_notification> >> <smtp_server>localhost</smtp_server> >> <email_to>dev...@example.com</email_to> >> <email_from>u...@example.com</email_from> >> </global> >> >> I am sure postfix is listening on port 25: >> tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN >> 947/master >> >> The error i get, even after enabling debug mode in ossec is not very >> helpful at all: >> 2016/09/28 09:36:04 ossec-maild(1223): ERROR: Error Sending email to >> 127.0.0.1 (smtp server) >> >> nothing before or after that can be of help... >> >> Sorry i don't know what else to say >> >> Thanks a lot, hope you can help >> Laura >> >> >> On Wednesday, 28 September 2016 11:47:20 UTC+1, dan (ddpbsd) wrote: >>> >>> On Sep 28, 2016 6:42 AM, "Laura Herrera" <peq...@gmail.com> wrote: >>> > >>> > Hi Theresa, >>> > >>> > Please can i ask how did you solve this problem? >>> > >>> >>> If you're having issues, you could post details and we could try to help. >>> >>> > Thanks a lot, >>> > Laura >>> > >>> > >>> > On Monday, 6 July 2015 18:35:50 UTC+1, theresa mic-snare wrote: >>> >> >>> >> OK, managed to fix this and face-palming myself.... >>> >> >>> >> i've tweaked the postfix config a bit, enabled the service and there >>> >> we go... >>> >> ossec-maild is now officially sending out alerts to my email address. >>> >> >>> >> theresa happy :) >>> >> >>> >> Am Sonntag, 5. Juli 2015 14:02:29 UTC+2 schrieb Daniil Svetlov: >>> >>> >>> >>> Theresa, try to issue command /var/ossec/bin/ossec-control enable >>> >>> debug. It will increase log verbosity. Then restart OSSEC, and check >>> >>> /var/ossec/log/ossec.log. >>> >>> Also after restart try to issue command "ps aux | grep ossec", and >>> >>> check, that ossec-maild process is running. >>> >>> >>> >>> сб, 4 июля 2015 г. в 19:13, theresa mic-snare <rockpr...@gmail.com>: >>> >>>> >>> >>>> i've also tried disabling iptables, but that didn't help either... >>> >>>> but then again i can send out emails with mailx just find, so i >>> >>>> don't think it's iptables blocking anyway... >>> >>>> >>> >>>> any ideas? >>> >>>> >>> >>>> >>> >>>> Am Samstag, 4. Juli 2015 16:41:47 UTC+2 schrieb theresa mic-snare: >>> >>>>> >>> >>>>> Hi Daniil, >>> >>>>> >>> >>>>> I've already done that. The maillog doesn't show the mail being >>> >>>>> sent, but there isn't an error either. It seems that the ossec-maild >>> >>>>> isn't >>> >>>>> even relaying it to the local smtp mta (ssmtp) because as said before >>> >>>>> I can >>> >>>>> send out mails with mailx just fine. >>> >>>>> >>> >>>>> The ossec.log doesn't even mention the ossec-maild even though the >>> >>>>> process is running... >>> >>>>> Hmm >>> >>>> >>> >>>> -- >>> >>>> >>> >>>> --- >>> >>>> You received this message because you are subscribed to the Google >>> >>>> Groups "ossec-list" group. >>> >>>> To unsubscribe from this group and stop receiving emails from it, >>> >>>> send an email to ossec-list+...@googlegroups.com. >>> >>>> For more options, visit https://groups.google.com/d/optout. >>> >>> >>> >>> -- >>> >>> >>> >>> -- >>> >>> С уважением, Светлов Даниил. >>> > >>> > -- >>> > >>> > --- >>> > You received this message because you are subscribed to the Google >>> > Groups "ossec-list" group. >>> > To unsubscribe from this group and stop receiving emails from it, send >>> > an email to ossec-list+...@googlegroups.com. >>> > For more options, visit https://groups.google.com/d/optout. > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to ossec-list+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
