Re: [ossec-list] Help with setting up email alerts

2016-03-03 Thread dan (ddp)
On Thu, Mar 3, 2016 at 1:28 PM, jkrew wrote:
> Ok, this is the agent. I thought one could configure the agent to fire off
> emails because of this bit in the doc:
> (http://ossec-docs.readthedocs.org/en/latest/syntax/head_ossec_config.global.html)
>
> Supported types
>
> Global options are available in the following installation types:
>
> server
> local
>

Neither of those are 'agent.'

> So that helps me understand why it doesn't work, for sure. My purpose is to
> measure how long it takes for the server to alert on an issue compared to
> when it is first reported. I guess I won't use the email option for this.
>

I believe there's a rule for agents restarting, which could be sent
out by the ossec server.

> Thanks much - I can't believe I didn't catch this.
>
> On Thursday, March 3, 2016 at 1:12:25 PM UTC-5, dan (ddpbsd) wrote:
>>
>> On Thu, Mar 3, 2016 at 1:09 PM, jkrew wrote:
>> > Greetings,
>> >
>> > We are using OSSEC as provided by CloudAware. I'm in the process of setting
>> > up some custom alerts for testing, alerts I would like to receive via email.
>> >
>> > I am able to send email from the Linux host via the following:
>> > echo "test" | mail -s "subject line" mye...@domain.name
>> >
>> > To help troubleshoot, I've set the following debug options in
>> > internal_options.conf:
>> > syscheck.debug=1
>> > agent.debug=1
>> >
>> > And here is what I've configured in ossec.conf:
>> >
>> >
>> > 
>> > 
>> > cloud aware server
>>
>> Is this an agent or the server?
>>
>> > 
>> >
>> >   
>> > yes
>> > my email address
>> > 127.0.0.1
>> > ro...@dns.name
>> >   
>> >
>> >   
>> >1
>> >
>> >   
>> >
>> > I see no errors in the ossec.log file that indicate that it's even
>> > attempting to send mail. Am I correct that it should attempt to send me an
>> > email each time I restart OSSEC - that looks to be a level 7 alert.
>> >
>> > Any suggestions for troubleshooting would be MUCH appreciated - it feels
>> > like there might be an override setting that I'm simply not aware of, but I
>> > have yet to find anything of that nature.
>> >
>>
>> agents do not send email, just the ossec server.
>>

-- 

--- 
You received this message because you are subscribed to the Google Groups 
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ossec-list+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
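
Added example, not part of the original thread and not OSSEC's own code: a shell check for the situation discussed above, where email settings sit in an agent's ossec.conf and are never acted on. It assumes the installer-written /etc/ossec-init.conf with a TYPE= line and the default /var/ossec/etc/ossec.conf path; the function names, status words and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example. Real use:
#   check_email_capability /etc/ossec-init.conf /var/ossec/etc/ossec.conf
# Assumption: the init file carries a TYPE="server|local|agent" line.

# Print the install type recorded in init file $1 (empty if absent).
ossec_install_type() {
    sed -n 's/^TYPE="\{0,1\}\([A-Za-z]*\)"\{0,1\}.*$/\1/p' "$1" | head -n 1
}

# Print the value of the first single-line <$1>...</$1> element in file $2.
conf_value() {
    sed -n "s:.*<$1>[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*</$1>.*:\1:p" "$2" | head -n 1
}

# Print one status word describing whether this install can send alert mail.
check_email_capability() {
    init=$1 conf=$2
    itype=$(ossec_install_type "$init")
    notify=$(conf_value email_notification "$conf")
    case $itype in
        server|local)   # only these types honour the <global> email options
            if [ "$notify" = "yes" ]; then echo "email-enabled"
            else echo "email-disabled"; fi ;;
        agent)          # agents forward events; the server sends the mail
            if [ -n "$notify" ]; then echo "ignored-on-agent"
            else echo "agent"; fi ;;
        *)  echo "unknown" ;;
    esac
}

# Constructed sample mirroring the thread: an agent with a <global> email block.
demo() {
    d=$(mktemp -d)
    printf 'DIRECTORY="/var/ossec"\nTYPE="agent"\n' > "$d/ossec-init.conf"
    cat > "$d/ossec.conf" <<'EOF'
<ossec_config>
  <global>
    <email_notification>yes</email_notification>
    <smtp_server>127.0.0.1</smtp_server>
  </global>
</ossec_config>
EOF
    check_email_capability "$d/ossec-init.conf" "$d/ossec.conf"
    rm -rf "$d"
}
demo
```

A result of ignored-on-agent means the email block belongs in the server's ossec.conf instead.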


Re: [ossec-list] Help with setting up email alerts

2016-03-03 Thread jkrew
Ok, this is the agent. I thought one could configure the agent to fire off 
emails because of this bit in the doc:
(http://ossec-docs.readthedocs.org/en/latest/syntax/head_ossec_config.global.html)
Supported types 

Global options are available in the following installation types:

   - server
   - local

So that helps me understand why it doesn't work, for sure. My purpose is to 
measure how long it takes for the server to alert on an issue compared to 
when it is first reported. I guess I won't use the email option for this. 

Thanks much - I can't believe I didn't catch this.

On Thursday, March 3, 2016 at 1:12:25 PM UTC-5, dan (ddpbsd) wrote:
>
> On Thu, Mar 3, 2016 at 1:09 PM, jkrew wrote:
> > Greetings,
> >
> > We are using OSSEC as provided by CloudAware. I'm in the process of setting
> > up some custom alerts for testing, alerts I would like to receive via email.
> > 
> > I am able to send email from the Linux host via the following: 
> > echo "test" | mail -s "subject line" mye...@domain.name  
> > 
> > To help troubleshoot, I've set the following debug options in 
> > internal_options.conf: 
> > syscheck.debug=1 
> > agent.debug=1 
> > 
> > And here is what I've configured in ossec.conf: 
> > 
> > 
> >  
> >  
> > cloud aware server 
>
> Is this an agent or the server? 
>
> >  
> > 
> >
> > yes 
> > my email address 
> > 127.0.0.1 
> > ro...@dns.name  
> >
> > 
> >
> >1 
> > 
> >
> > 
> > I see no errors in the ossec.log file that indicate that it's even
> > attempting to send mail. Am I correct that it should attempt to send me an
> > email each time I restart OSSEC - that looks to be a level 7 alert.
> >
> > Any suggestions for troubleshooting would be MUCH appreciated - it feels
> > like there might be an override setting that I'm simply not aware of, but I
> > have yet to find anything of that nature.
> > 
>
> agents do not send email, just the ossec server. 
>


Re: [ossec-list] Help with setting up email alerts

2016-03-03 Thread dan (ddp)
On Thu, Mar 3, 2016 at 1:09 PM, jkrew wrote:
> Greetings,
>
> We are using OSSEC as provided by CloudAware. I'm in the process of setting
> up some custom alerts for testing, alerts I would like to receive via email.
>
> I am able to send email from the Linux host via the following:
> echo "test" | mail -s "subject line" myem...@domain.name
>
> To help troubleshoot, I've set the following debug options in
> internal_options.conf:
> syscheck.debug=1
> agent.debug=1
>
> And here is what I've configured in ossec.conf:
>
>
> 
> 
> cloud aware server

Is this an agent or the server?

> 
>
>   
> yes
> my email address
> 127.0.0.1
> r...@dns.name
>   
>
>   
>1
>
>   
>
> I see no errors in the ossec.log file that indicate that it's even
> attempting to send mail. Am I correct that it should attempt to send me an
> email each time I restart OSSEC - that looks to be a level 7 alert.
>
> Any suggestions for troubleshooting would be MUCH appreciated - it feels
> like there might be an override setting that I'm simply not aware of, but I
> have yet to find anything of that nature.
>

agents do not send email, just the ossec server.



[ossec-list] Help with setting up email alerts

2016-03-03 Thread jkrew
Greetings,

We are using OSSEC as provided by CloudAware. I'm in the process of setting 
up some custom alerts for testing, alerts I would like to receive via 
email. 

I am able to send email from the Linux host via the following:
echo "test" | mail -s "subject line" myem...@domain.name

To help troubleshoot, I've set the following debug options in 
internal_options.conf:
syscheck.debug=1
agent.debug=1

And here is what I've configured in ossec.conf:




cloud aware server


  
yes
my email address
127.0.0.1
r...@dns.name
  

  
   1
   
  

I see no errors in the ossec.log file that indicate that it's even 
attempting to send mail. Am I correct that it should attempt to send me an 
email each time I restart OSSEC - that looks to be a level 7 alert.

Any suggestions for troubleshooting would be MUCH appreciated - it feels 
like there might be an override setting that I'm simply not aware of, but I 
have yet to find anything of that nature. 
