Re: [ossec-list] ossec-maild not sending out any alerts (relaying through ssmtp)

2016-09-29 Thread dan (ddp)
On Wed, Sep 28, 2016 at 11:37 AM, Laura Herrera  wrote:
> Hi Dan,
>
> Yes, thank you, i have been trying to get this working all day.
>
> I am running ossec on an ubuntu 14.04 server and i need to be able to email
> alerts of course.
>
> I saw in a separate post that ossec actually needs smtp listening on the
> local server, and so i decided to use postfix as a relay.
> To make things more complicated, my mail server is in office 365.
>
> Here are my configurations:
> /etc/postfix/main.cf   (changes from original)
>
> smtp_sasl_auth_enable = yes
> smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
> smtp_generic_maps = hash:/etc/postfix/generic
>
> myhostname = ossec-1.example.com
> alias_maps = hash:/etc/aliases
> alias_database = hash:/etc/aliases
> myorigin = /etc/mailname
> mydestination = localhost.localdomain, localhost
> relayhost = smtp.office365.com:587
> mynetworks = 127.0.0.0/8, 10.0.0.0/8
>
> /etc/postfix/generic
> /.*/  u...@example.com
>
>
> /etc/postfix/sasl_passwd
> [smtp.office365.com]:587 u...@example.com:MyPassword
>
>
> ossec.conf
>   
> no
> yes
> localhost
> dev...@example.com
> u...@example.com
>   
>
> I am sure postfix is listening on port 25:
> tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      947/master
>
> The error i get, even after enabling debug mode in ossec is not very helpful
> at all:
> 2016/09/28 09:36:04 ossec-maild(1223): ERROR: Error Sending email to 127.0.0.1 (smtp server)
>
> nothing before or after that can be of help...
>

Have you checked postfix's logs to see if it is logging the error?

> Sorry i don't know what else to say
>
> Thanks a lot, hope you can help
> Laura

-- 

--- 
You received this message because you are subscribed to the Google Groups 
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ossec-list+unsubscr...@googlegroups.com.
For more options, visit 

Re: [ossec-list] ossec-maild not sending out any alerts (relaying through ssmtp)

2016-09-29 Thread dan (ddp)
On Wed, Sep 28, 2016 at 12:56 PM, Laura Herrera  wrote:
> Hi Dan,
>
> Changing subject a bit,  do you know if it's possible to have alerts in
> ossec calling a script instead of sending an email directly?
>

Other than active response, no.

> Ta
> Laura

Re: [ossec-list] ossec-maild not sending out any alerts (relaying through ssmtp)

2016-09-28 Thread Laura Herrera
Hi Dan,

Changing subject a bit,  do you know if it's possible to have alerts in 
ossec calling a script instead of sending an email directly?

Ta
Laura



Re: [ossec-list] ossec-maild not sending out any alerts (relaying through ssmtp)

2016-09-28 Thread Laura Herrera
Hi Dan,

Yes, thank you, i have been trying to get this working all day.

I am running ossec on an ubuntu 14.04 server and i need to be able to email 
alerts of course.

I saw in a separate post that ossec actually needs smtp listening on the 
local server, and so i decided to use postfix as a relay.
To make things more complicated, my mail server is in office 365.

Here are my configurations:
/etc/postfix/main.cf   (changes from original)

smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_generic_maps = hash:/etc/postfix/generic

myhostname = ossec-1.example.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = localhost.localdomain, localhost
relayhost = smtp.office365.com:587
mynetworks = 127.0.0.0/8, 10.0.0.0/8

/etc/postfix/generic
/.*/  u...@example.com


/etc/postfix/sasl_passwd
[smtp.office365.com]:587 u...@example.com:MyPassword


ossec.conf
  
no
yes
localhost
dev...@example.com
u...@example.com
  

I am sure postfix is listening on port 25:
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      947/master

The error i get, even after enabling debug mode in ossec is not very 
helpful at all:
2016/09/28 09:36:04 ossec-maild(1223): ERROR: Error Sending email to 127.0.0.1 (smtp server)

nothing before or after that can be of help...

Sorry i don't know what else to say

Thanks a lot, hope you can help
Laura




Re: [ossec-list] ossec-maild not sending out any alerts (relaying through ssmtp)

2016-09-28 Thread dan (ddp)
On Sep 28, 2016 6:42 AM, "Laura Herrera"  wrote:
>
> Hi Theresa,
>
> Please can i ask how did you solve this problem?
>

If you're having issues, you could post details and we could try to help.

> Thanks a lot,
> Laura


Re: [ossec-list] ossec-maild not sending out any alerts (relaying through ssmtp)

2016-09-28 Thread Laura Herrera
Hi Theresa,

Please can i ask how did you solve this problem?

Thanks a lot,
Laura

On Monday, 6 July 2015 18:35:50 UTC+1, theresa mic-snare wrote:
>
> OK, managed to fix this and face-palming myself
>
> i've tweaked the postfix config a bit, enabled the service and there we 
> go...
> ossec-maild is now officially sending out alerts to my email address.
>
> theresa happy :)


Re: [ossec-list] ossec-maild not sending out any alerts (relaying through ssmtp)

2015-07-06 Thread theresa mic-snare
OK, managed to fix this and face-palming myself

i've tweaked the postfix config a bit, enabled the service and there we 
go...
ossec-maild is now officially sending out alerts to my email address.

theresa happy :)



Re: [ossec-list] ossec-maild not sending out any alerts (relaying through ssmtp)

2015-07-06 Thread theresa mic-snare
Hi Daniil,

thank you very much for the advice with enabling debug!!
I've now looked into the ossec.log and it says:

*2015/07/05 03:34:02 ossec-maild(1223): ERROR: Error Sending email to 127.0.0.1 (smtp server)*
2015/07/05 15:03:18 ossec-syscheckd: INFO: Starting syscheck scan.
2015/07/05 15:16:37 ossec-syscheckd: INFO: Ending syscheck scan.
2015/07/05 15:21:37 ossec-rootcheck: INFO: Starting rootcheck scan.
2015/07/05 15:24:22 ossec-rootcheck: INFO: Ending rootcheck scan.
2015/07/06 11:19:22 ossec-syscheckd: INFO: Starting syscheck scan.
2015/07/06 11:32:41 ossec-syscheckd: INFO: Ending syscheck scan.
2015/07/06 11:37:41 ossec-rootcheck: INFO: Starting rootcheck scan.
2015/07/06 11:40:28 ossec-rootcheck: INFO: Ending rootcheck scan.
*2015/07/06 19:03:11 ossec-maild(1223): ERROR: Error Sending email to 127.0.0.1 (smtp server)*
2015/07/06 19:03:14 ossec-monitord(1225): INFO: SIGNAL Received. Exit Cleaning...
2015/07/06 19:03:14 ossec-logcollector(1225): INFO: SIGNAL Received. Exit Cleaning...
2015/07/06 19:03:14 ossec-syscheckd(1225): INFO: SIGNAL Received. Exit Cleaning...
2015/07/06 19:03:14 ossec-analysisd(1225): INFO: SIGNAL Received. Exit Cleaning...
2015/07/06 19:03:14 ossec-maild(1225): INFO: SIGNAL Received. Exit Cleaning...
2015/07/06 19:03:14 ossec-execd(1314): INFO: Shutdown received. Deleting responses.
2015/07/06 19:03:14 ossec-execd(1225): INFO: SIGNAL Received. Exit Cleaning...
2015/07/06 19:03:15 ossec-testrule: INFO: Reading local decoder file.
2015/07/06 19:03:15 ossec-testrule: INFO: Started (pid: 1900).

*2015/07/06 19:03:15 ossec-maild: DEBUG: Starting ...*
*2015/07/06 19:03:15 ossec-maild: INFO: Chrooted to directory: /var/ossec, using user: ossecm*
*2015/07/06 19:03:15 ossec-maild: INFO: Started (pid: 1921).*
2015/07/06 19:03:15 ossec-analysisd: DEBUG: Starting ...
2015/07/06 19:03:15 ossec-analysisd: DEBUG: Found user/group ...
2015/07/06 19:03:15 ossec-analysisd: DEBUG: Active response initialized ...

I've no idea why it says it can't send mails to localhost.
Do you think this could be an iptables or SELinux issue? Although I've set 
SELinux to Status Permissive so it actually shouldn't block anything.

I have an assumption why it's not working.
when I do a netstat -plntu I can only see the server listening to the SSH 
port. 

For my mail setup I only use SSMTP (to relay it to gmail.com). Do I also 
need a postfix setup for local mailing? The postfix config lets you relay 
mails locally...
What is your mail setup on the server?
I think the ossec-maild needs a local MTA listening on port 25 to send 
emails out to ssmtp ?!

what do you think?
please help!

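Added example, not part of any poster's message and not OSSEC code: a Python probe that walks the SMTP envelope steps (connect, HELO, MAIL FROM, RCPT TO) against the `smtp_server` host and reports the first step that fails. It covers both cases raised in this thread: no listener on port 25 at all, and a postfix that listens on port 25 while ossec-maild still logs "Error Sending email". It assumes an unauthenticated, non-TLS dialogue; the function names, the HELO name and the example.com addresses are hypothetical placeholders.

```python
"""Added example: find the SMTP step at which a local MTA turns away an
ossec-maild style delivery. No DATA command is sent, so no mail is queued."""
import smtplib
import sys
from collections import namedtuple

# stage: connect | banner | helo | mail | rcpt | ok
ProbeResult = namedtuple("ProbeResult", "stage code detail")

# What each failing stage usually points at (editorial hints, not OSSEC output).
HINTS = {
    "connect": "nothing accepts TCP on that port; a send-only relay such as "
               "ssmtp opens no listener, so a daemon MTA is needed",
    "banner": "something is listening but did not greet with 220",
    "helo": "the MTA rejected the HELO name",
    "mail": "the MTA rejected the sender; compare with email_from",
    "rcpt": "the MTA rejected the recipient or refused to relay; compare "
            "with email_to and the MTA's relay rules",
    "ok": "the envelope was accepted; a later failure is in DATA or in the "
          "MTA's onward relay, so read the MTA log",
}


def _text(msg):
    """smtplib returns reply text as bytes; make it printable."""
    return msg.decode("utf-8", "replace") if isinstance(msg, bytes) else str(msg)


def probe_smtp(host="127.0.0.1", port=25,
               mail_from="ossecm@example.com",   # placeholder sender
               rcpt_to="admin@example.com",      # placeholder recipient
               helo_name="ossec-probe.invalid",  # placeholder HELO name
               timeout=5.0):
    """Return a ProbeResult naming the first SMTP step that failed."""
    smtp = smtplib.SMTP(timeout=timeout)
    try:
        try:
            code, msg = smtp.connect(host, port)
        except smtplib.SMTPServerDisconnected as exc:
            # TCP connected, but the peer hung up before sending a greeting.
            return ProbeResult("banner", None, str(exc))
        except OSError as exc:
            # Connection refused, timeout, host unreachable.
            return ProbeResult("connect", None, str(exc))
        if code != 220:
            return ProbeResult("banner", code, _text(msg))

        steps = (
            ("helo", lambda: smtp.helo(helo_name)),
            ("mail", lambda: smtp.mail(mail_from)),
            ("rcpt", lambda: smtp.rcpt(rcpt_to)),
        )
        for stage, send in steps:
            try:
                code, msg = send()
            except smtplib.SMTPServerDisconnected as exc:
                return ProbeResult(stage, None, str(exc))
            if not 200 <= code < 300:
                return ProbeResult(stage, code, _text(msg))
        return ProbeResult("ok", code, "envelope accepted")
    finally:
        # Drop the connection without DATA so nothing is delivered.
        smtp.close()


def explain(result):
    """One-line reading of a ProbeResult."""
    return "%s: %s" % (result.stage, HINTS[result.stage])


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    res = probe_smtp(host=target)
    print(res)
    print(explain(res))
```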


Re: [ossec-list] ossec-maild not sending out any alerts (relaying through ssmtp)

2015-07-05 Thread Daniil Svetlov
Theresa, try to issue the command /var/ossec/bin/ossec-control enable debug. It
will increase log verbosity. Then restart OSSEC, and check
/var/ossec/log/ossec.log.
Also, after the restart, try to issue the command ps aux | grep ossec, and check
that the ossec-maild process is running.


-- 

--
Best regards, Daniil Svetlov.



Re: [ossec-list] ossec-maild not sending out any alerts (relaying through ssmtp)

2015-07-04 Thread theresa mic-snare
Hi Daniil,

I've already done that. The maillog doesn't show the mail being sent, but there 
isn't an error either. It seems that the ossec-maild isn't even relaying it to 
the local smtp mta (ssmtp) because as said before I can send out mails with 
mailx just fine.

The ossec.log doesn't even mention the ossec-maild even though the process is 
running...
Hmm



Re: [ossec-list] ossec-maild not sending out any alerts (relaying through ssmtp)

2015-07-04 Thread theresa mic-snare
i've also tried disabling iptables, but that didn't help either...
but then again i can send out emails with mailx just fine, so i don't think 
it's iptables blocking anyway...

any ideas?



Re: [ossec-list] ossec-maild not sending out any alerts (relaying through ssmtp)

2015-07-04 Thread Daniil Svetlov
Hello, Theresa!

First of all, check the spam folder in your gmail account. Gmail has probably
just put the mail from OSSEC in it, because it does not look valid.

If you use an SMTP server on localhost, check the logs of the MTA. They must be in
/var/log/maillog.

Fri, 3 July 2015 at 19:19, theresa mic-snare rockprinz...@gmail.com:

 hi ossec'ers,


 my problem is I can't send out any emails/alert notifications with the
 ossec-maild process. I'm relaying my emails through ssmtp, the
 configuration is valid because I'm able to send out mails to external
 addresses through mailx for instance. But for some reason OSSEC just won't
 send any emails out.

 I have the following in my global ossec.conf


   <global>
     <email_notification>yes</email_notification>
     <email_to>x...@gmail.com</email_to>
     <smtp_server>localhost</smtp_server>
     <email_from>x...@gmail.com</email_from>
   </global>

 So by localhost or 127.0.0.1 it should use ssmtp to send out emails, right?


 Does the email_from field require to be a ossecm@realdomain? Or can this
 be a gmail address as well? So does it mean the ossecm user needs to send
 out these alerts?

 Again tests to send out emails through ssmtp via mailx have been
 successful. so I doubt it's a ssmtp issue here.

 Also what I find a little odd is that when i restart ossec through
 ossec-control all the services/processes should be restarted in a specific
 order, right? however when I look at the ossec.log in
 /var/ossec/logs/ossec.log the ossec-maild isn't mentioned at all the
 process itself runs though, when i do a ps -ef |grep ossec-maild

 my question now: how can I get the email notification in ossec to work?!


 thanks!


-- 

--
Best regards, Daniil Svetlov.
