Re: [ossec-list] HOW TO CONFIGURE OSSEC WARNING THROUGH EMAIL
As Dan alluded to, I use a local postfix null mailer on my LAN that sends to a postfix relay from a single/failover point that then sends to Gmail.

Dan, I have a question for you; perhaps I should start a new thread, but you're so damn diligent about responding to queries, I thought I may just append to my answer.

I know that OSSEC is EOL except for serious changes/bugs. I've used OSSEC for years and eventually moved to Wazuh, which I appreciate the fact that your name is in the credits. What is the plan to support the current and non-moving version of OSSEC?

Thank you for all of your efforts, being on this list for many years has taught me a lot about the underpinnings of your project!

Thanks,
Jeff

On Wed, Jul 8, 2020 at 2:55 PM dan (ddp) wrote:
> On Tue, Jul 7, 2020 at 4:29 AM lê danh wrote:
> >
> > I am a new user, I just have ossec installed and I want to try its email
> > feature. I have configured the email address in ossec.conf as follows:
> >
> >   yes
> >   conme...@gmail.com
> >   alt4.gmail-smtp-in.l.google.com.
> >   ossecm @ ubuntu
> >
> >   conme...@gmail.com
> >   5
> >
> > and expect to receive email alerts at level 5 or higher, but the error
> > has occurred as follows:
> >
> > 2020/07/06 02:51:42 ossec-maild (1261): ERROR: Waiting for child process. (status: 139).
> > 2020/07/06 02:51:42 ossec-maild (1223): ERROR: Error Sending email to alt4.gmail-smtp
> >
> > It didn't work, I hope everyone can help me fix this problem as soon as
> > possible. Sincerely thank you.
> >
>
> I'm pretty sure gmail requires authentication. So you'll have to relay
> the OSSEC emails through an smtp server that doesn't require auth.
> Luckily, the OSSEC server is running on a Linux or other unix-like
> system. An smtpd usually comes installed on the good ones.
> Configure the locally installed smtpd to relay the messages through gmail.

--
---
You received this message because you are subscribed to the Google Groups "ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ossec-list/CAHmnZdaGUok%2BijTLnPxXc3izRkcXhPEDMqeVWQH7QJVZT2aWmw%40mail.gmail.com.
Re: [ossec-list] Unattended installation with .deb and .rpm packages
On Wed, Jul 8, 2020 at 2:53 PM Mm Dd wrote:
>
> Hello all,
>
> First, nice to meet you all, and congratulations on the fantastic product
> you have developed and released to the public.
>
> My question is if it is possible to carry out an unattended OSSEC agent
> deployment using preloaded-vars.conf file in conjunction with .deb and .rpm
> package managers.
>
> The method I am planning to use to deploy the agent is not compatible with
> building from the tarball (I need to include .deb and .rpm packages instead).
>
> I have inspected the .deb archive for Ubuntu 18.04 and I could not find any
> reference to the preloaded-vars.conf file.
>
> If it is not possible to proceed this way, I will have to find a workaround.
>
> Thanks a lot in advance!
>

I don't think so. You could use something like Ansible to set up the agents after installation though.
Re: [ossec-list] HOW TO CONFIGURE OSSEC WARNING THROUGH EMAIL
On Tue, Jul 7, 2020 at 4:29 AM lê danh wrote:
>
> I am a new user, I just have ossec installed and I want to try its email
> feature. I have configured the email address in ossec.conf as follows:
>
>   yes
>   conme...@gmail.com
>   alt4.gmail-smtp-in.l.google.com.
>   ossecm @ ubuntu
>
>   conme...@gmail.com
>   5
>
> and expect to receive email alerts at level 5 or higher, but the error has
> occurred as follows:
>
> 2020/07/06 02:51:42 ossec-maild (1261): ERROR: Waiting for child process. (status: 139).
> 2020/07/06 02:51:42 ossec-maild (1223): ERROR: Error Sending email to alt4.gmail-smtp
>
> It didn't work, I hope everyone can help me fix this problem as soon as
> possible. Sincerely thank you.
>

I'm pretty sure gmail requires authentication. So you'll have to relay the OSSEC emails through an smtp server that doesn't require auth. Luckily, the OSSEC server is running on a Linux or other unix-like system. An smtpd usually comes installed on the good ones. Configure the locally installed smtpd to relay the messages through gmail.
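
One way to set up the local relay suggested in the reply above, as an added example that is not part of the original thread or the OSSEC project's own documentation. It assumes Postfix on Debian/Ubuntu, a Berkeley DB (`hash:`) map, and Gmail's submission service on port 587 with credentials for the sending account (assumed here to be an app password); the account name and password are placeholders.

```ini
# /etc/postfix/main.cf -- loopback-only relay for OSSEC alert mail (added example)

# Accept mail only from this host, so the unauthenticated listener that
# ossec-maild talks to cannot be used as an open relay from the network.
inet_interfaces = loopback-only
mynetworks = 127.0.0.0/8 [::1]/128
mydestination =

# Hand all outbound mail to Gmail's submission service.
# The brackets suppress the MX lookup and use the host name as given.
relayhost = [smtp.gmail.com]:587

# Authenticate to the relay host. The map file holds one line (placeholders):
#   [smtp.gmail.com]:587    ACCOUNT@gmail.com:APP_PASSWORD
# Build the lookup table with `postmap /etc/postfix/sasl_passwd` and keep
# sasl_passwd and sasl_passwd.db owned by root with mode 0600.
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous

# Require TLS with certificate verification so the credentials are only
# sent to the real relay host. CA bundle path is the Debian/Ubuntu default.
smtp_tls_security_level = secure
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt

# ossec.conf side: set <smtp_server> to 127.0.0.1 instead of the Gmail MX
# host, then restart OSSEC so ossec-maild delivers to this local listener.
```

After reloading Postfix, a test alert at or above the configured level should appear in the Postfix mail log as relayed to smtp.gmail.com.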
[ossec-list] Unattended installation with .deb and .rpm packages
Hello all,

First, nice to meet you all, and congratulations on the fantastic product you have developed and released to the public.

My question is if it is possible to carry out an unattended OSSEC agent deployment using preloaded-vars.conf file in conjunction with .deb and .rpm package managers.

The method I am planning to use to deploy the agent is not compatible with building from the tarball (I need to include .deb and .rpm packages instead).

I have inspected the .deb archive for Ubuntu 18.04 and I could not find any reference to the preloaded-vars.conf file.

If it is not possible to proceed this way, I will have to find a workaround.

Thanks a lot in advance!
[ossec-list] Deploy OSSEC agent using .deb/.rpm packages in conjunction with preloaded-vars.conf (no terminal prompt configuration).
Hello all,

Is it possible to carry out an unattended deployment of the OSSEC agent using .deb/.rpm in conjunction with preloaded-vars.conf? How?

Thanks in advance.