This problem seems to have been resolved now.
The email address used in the From field in the configs for some reason halted the emails from sending. Changing it to "some other" email address worked. Not sure why yet but it is not an Ossec problem. Sorry for wasting anyone's time. --- Regards David Ward m: 0410 472 531 skype: DaveQB twitter: DaveQB14 www: www.dward.us On 02.02.2012 11:27, David wrote: > Hi all, > > I have finally tracked down why I am not getting any emails from ossec > at all by enabling debugging in sendmail.c and recompiling maild as > suggested here: > > http://www.ossec.net/wiki/Tweaking_OSSEC#How_to_trace_sending_mail [1] > > The debug info I have is: > > 2012/02/02 10:49:30 ossec-syscheckd: INFO: Starting syscheck scan > (forwarding database). > 2012/02/02 10:49:30 ossec-syscheckd: INFO: Starting syscheck database > (pre-scan). > 2012/02/02 10:50:44 DEBUG: Received banner: '220 (smtpserver) ESMTP > ready. > ' > 2012/02/02 10:50:44 DEBUG: Sent 'Helo notify.ossec.net > ', received: '250 (smtpserver) Hello notify.ossec.net [172.16.0.154] > ' > 2012/02/02 10:50:44 DEBUG: Sent 'Mail From: > ', received: '250 OK > ' > 2012/02/02 10:50:44 DEBUG: Sent 'Rcpt To: > ', received: '250 Accepted > ' > 2012/02/02 10:50:44 DEBUG: Sent 'Rcpt To: > ', received: '250 Accepted > ' > 2012/02/02 10:50:44 DEBUG: Sent 'DATA > ', received: '354 Enter message, ending with "." on a line by itself > ' > 2012/02/02 10:54:40 ossec-syscheckd: INFO: Finished creating syscheck > database (pre-scan completed). > 2012/02/02 10:54:52 ossec-syscheckd: INFO: Ending syscheck scan > (forwarding database). > > It looks to me that ossec simply doesn't send a message at all and > doesn't end the message sending properly either. > > I am running ossec-hids-2.6 on Debian 6.0.3 32-bit (server, the 1 > client so far is the same OS) > > Any advice appreciated. > Thank you. Links: ------ [1] http://www.ossec.net/wiki/Tweaking_OSSEC#How_to_trace_sending_mail
