Re: [ossec-list] ossec-maild not sending out any alerts (relaying through ssmtp)
On Wed, Sep 28, 2016 at 11:37 AM, Laura Herrera wrote:
> The error i get, even after enabling debug mode in ossec is not very helpful
> at all:
> 2016/09/28 09:36:04 ossec-maild(1223): ERROR: Error Sending email to
> 127.0.0.1 (smtp server)
>
> nothing before or after that can be of help...

Have you checked postfix's logs to see if it is logging the error?
Re: [ossec-list] ossec-maild not sending out any alerts (relaying through ssmtp)
On Wed, Sep 28, 2016 at 12:56 PM, Laura Herrera wrote:
> Hi Dan,
>
> Changing subject a bit, do you know if it's possible to have alerts in
> ossec calling a script instead of sending an email directly?

Other than active response, no.

> Ta
> Laura
Re: [ossec-list] ossec-maild not sending out any alerts (relaying through ssmtp)
Hi Dan,

Changing subject a bit, do you know if it's possible to have alerts in ossec calling a script instead of sending an email directly?

Ta
Laura
Re: [ossec-list] ossec-maild not sending out any alerts (relaying through ssmtp)
Hi Dan,

Yes, thank you, i have been trying to get this working all day.

I am running ossec on an ubuntu 14.04 server and i need to be able to email alerts of course.

I saw in a separate post that ossec actually needs smtp listening on the local server, and so i decided to use postfix as a relay.
To make things more complicated, my mail server is in office 365.

Here my configurations:
/etc/postfix/main.cf (changes from original)

smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_generic_maps = hash:/etc/postfix/generic

myhostname = ossec-1.example.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = localhost.localdomain, localhost
relayhost = smtp.office365.com:587
mynetworks = 127.0.0.0/8, 10.0.0.0/8

/etc/postfix/generic
/.*/ u...@example.com

/etc/postfix/sasl_passwd
[smtp.office365.com]:587 u...@example.com:MyPassword

ossec.conf

no
yes
localhost
dev...@example.com
u...@example.com

I am sure postfix is listening on port 25:
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 947/master

The error i get, even after enabling debug mode in ossec is not very helpful at all:
2016/09/28 09:36:04 ossec-maild(1223): ERROR: Error Sending email to 127.0.0.1 (smtp server)

nothing before or after that can be of help...

Sorry i don't know what else to say

Thanks a lot, hope you can help
Laura
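Added example (not Laura's code and not part of Postfix or OSSEC): a lint of the Postfix fragments in the message above, covering the Postfix-to-Office 365 leg rather than the ossec-maild error itself. The check names, the placeholder address standing in for the redacted one, and `FIXED_MAIN_CF` are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed from the fragments in the message above; the archive-redacted
# address "u...@example.com" is replaced by the placeholder user@example.com.
MAIN_CF = """\
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_generic_maps = hash:/etc/postfix/generic
relayhost = smtp.office365.com:587
mynetworks = 127.0.0.0/8, 10.0.0.0/8
"""
TABLES = {
    "/etc/postfix/sasl_passwd":
        "[smtp.office365.com]:587 user@example.com:MyPassword\n",
    "/etc/postfix/generic": "/.*/ user@example.com\n",
}
# One possible corrected main.cf (an assumption, not taken from the thread).
FIXED_MAIN_CF = """\
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_generic_maps = regexp:/etc/postfix/generic
smtp_tls_security_level = encrypt
relayhost = [smtp.office365.com]:587
mynetworks = 127.0.0.0/8
"""


def parse_main_cf(text):
    """Parse 'name = value' lines; an indented line continues the previous value."""
    params, last = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and last:
            params[last] += " " + raw.strip()
        elif "=" in raw:
            name, _, value = raw.partition("=")
            last = name.strip()
            params[last] = value.strip()
    return params


def table_keys(text):
    """Lookup key (first field) of each non-comment line of a map source file."""
    return [ln.split()[0] for ln in text.splitlines()
            if ln.strip() and not ln.lstrip().startswith("#")]


def is_loopback_net(spec):
    """True for loopback CIDRs, including the [::ffff:127.0.0.0]/104 form."""
    net = ipaddress.ip_network(spec.replace("[", "").replace("]", ""), strict=False)
    mapped = getattr(net.network_address, "ipv4_mapped", None)
    return mapped.is_loopback if mapped else net.is_loopback


def lint_relay(main_cf, tables):
    """Return (check_id, message) findings for a SASL-authenticated relay setup."""
    p = parse_main_cf(main_cf)
    findings = []
    relayhost = p.get("relayhost", "")

    # 1. The sasl_passwd key must use the same form as relayhost (SASL_README).
    sasl_path = p.get("smtp_sasl_password_maps", "").partition(":")[2]
    if relayhost and relayhost not in table_keys(tables.get(sasl_path, "")):
        findings.append(("sasl-key-mismatch",
                         "no password entry keyed exactly '%s'" % relayhost))

    # 2. /pattern/ keys only act as patterns in regexp: or pcre: tables.
    for name, value in p.items():
        mtype, _, path = value.partition(":")
        keys = table_keys(tables.get(path, ""))
        if mtype not in ("regexp", "pcre") and any(
                re.fullmatch(r"/.+/[a-z]*", k) for k in keys):
            findings.append(("pattern-in-indexed-map",
                             "%s uses %s:, which looks up /.../ literally" % (name, mtype)))

    # 3. Port 587 submission services generally require STARTTLS before AUTH.
    tls_off = p.get("smtp_tls_security_level") in (None, "", "none")
    if relayhost.endswith(":587") and tls_off and p.get("smtp_use_tls") != "yes":
        findings.append(("no-starttls", "smtp_tls_security_level is not set"))

    # 4. Non-loopback mynetworks plus a non-loopback listener lets those hosts relay.
    wide = []
    for spec in filter(None, re.split(r"[,\s]+", p.get("mynetworks", ""))):
        try:
            if not is_loopback_net(spec):
                wide.append(spec)
        except ValueError:
            pass  # table reference or other non-CIDR entry: not judged here
    if wide and p.get("inet_interfaces", "all") not in ("loopback-only", "localhost"):
        findings.append(("relay-scope",
                         "mynetworks trusts %s; ossec-maild only needs loopback"
                         % ", ".join(wide)))
    return findings


if __name__ == "__main__":
    for check, message in lint_relay(MAIN_CF, TABLES):
        print("%-24s %s" % (check, message))
    print("fixed:", lint_relay(FIXED_MAIN_CF, TABLES))
```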
Re: [ossec-list] ossec-maild not sending out any alerts (relaying through ssmtp)
On Sep 28, 2016 6:42 AM, "Laura Herrera" wrote:
>
> Hi Theresa,
>
> Please can i ask how did you solve this problem?
>

If you're having issues, you could post details and we could try to help.

> Thanks a lot,
> Laura
Re: [ossec-list] ossec-maild not sending out any alerts (relaying through ssmtp)
Hi Theresa,

Please can i ask how did you solve this problem?

Thanks a lot,
Laura
Re: [ossec-list] ossec-maild not sending out any alerts (relaying through ssmtp)
OK, managed to fix this and face-palming myself

i've tweaked the postfix config a bit, enabled the service and there we go...
ossec-maild is now officially sending out alerts to my email address.

theresa happy :)
Re: [ossec-list] ossec-maild not sending out any alerts (relaying through ssmtp)
Hi Daniil,

thank you very much for the advice with enabling debug!!
I've now looked into the ossec.log and it says:

*2015/07/05 03:34:02 ossec-maild(1223): ERROR: Error Sending email to 127.0.0.1 (smtp server)*
2015/07/05 15:03:18 ossec-syscheckd: INFO: Starting syscheck scan.
2015/07/05 15:16:37 ossec-syscheckd: INFO: Ending syscheck scan.
2015/07/05 15:21:37 ossec-rootcheck: INFO: Starting rootcheck scan.
2015/07/05 15:24:22 ossec-rootcheck: INFO: Ending rootcheck scan.
2015/07/06 11:19:22 ossec-syscheckd: INFO: Starting syscheck scan.
2015/07/06 11:32:41 ossec-syscheckd: INFO: Ending syscheck scan.
2015/07/06 11:37:41 ossec-rootcheck: INFO: Starting rootcheck scan.
2015/07/06 11:40:28 ossec-rootcheck: INFO: Ending rootcheck scan.
*2015/07/06 19:03:11 ossec-maild(1223): ERROR: Error Sending email to 127.0.0.1 (smtp server)*
2015/07/06 19:03:14 ossec-monitord(1225): INFO: SIGNAL Received. Exit Cleaning...
2015/07/06 19:03:14 ossec-logcollector(1225): INFO: SIGNAL Received. Exit Cleaning...
2015/07/06 19:03:14 ossec-syscheckd(1225): INFO: SIGNAL Received. Exit Cleaning...
2015/07/06 19:03:14 ossec-analysisd(1225): INFO: SIGNAL Received. Exit Cleaning...
2015/07/06 19:03:14 ossec-maild(1225): INFO: SIGNAL Received. Exit Cleaning...
2015/07/06 19:03:14 ossec-execd(1314): INFO: Shutdown received. Deleting responses.
2015/07/06 19:03:14 ossec-execd(1225): INFO: SIGNAL Received. Exit Cleaning...
2015/07/06 19:03:15 ossec-testrule: INFO: Reading local decoder file.
2015/07/06 19:03:15 ossec-testrule: INFO: Started (pid: 1900).
*2015/07/06 19:03:15 ossec-maild: DEBUG: Starting ...*
*2015/07/06 19:03:15 ossec-maild: INFO: Chrooted to directory: /var/ossec, using user: ossecm*
*2015/07/06 19:03:15 ossec-maild: INFO: Started (pid: 1921).*
2015/07/06 19:03:15 ossec-analysisd: DEBUG: Starting ...
2015/07/06 19:03:15 ossec-analysisd: DEBUG: Found user/group ...
2015/07/06 19:03:15 ossec-analysisd: DEBUG: Active response initialized ...

I've no idea why it says it can't send mails to localhost.
Do you think this could be an IPtables or SeLinux issue? Although I've set SeLinux to Status Permissive so it actually shouldn't block anything.

I have an assumption why it's not working.
when I do a netstat -plntu I can only see the server listening to the SSH port.
For my mail setup I only use SSMTP (to relay it to gmail.com)
do I also need postfix setup for local mailing? The postfix config lets you relay mails locally...
What is your mail setup on the server?

I think the ossec-maild needs a local MTA listening on port 25 to send emails out to ssmtp ?!
what do you think?

please help!
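Added example, not from the thread or the OSSEC project: a probe for the hypothesis in the message above, that ossec-maild needs an MTA accepting SMTP on 127.0.0.1:25 (ssmtp only provides a sendmail-style command and opens no listening port). It walks a plain, unauthenticated SMTP session up to RCPT TO and reports the first stage that fails; the function names, the default addresses and the fake MTA used for an offline run are assumptions and constructed for the example.

```python
import smtplib
import socket
import threading


def probe_smtp(host="127.0.0.1", port=25, mail_from="ossecm@localhost",
               rcpt_to="root@localhost", timeout=5.0):
    """Walk a plain SMTP session up to RCPT TO and report the first failure.

    Returns (stage, detail) where stage is "connect", "helo", "mail_from",
    "rcpt_to", "session" (connection dropped mid-dialogue) or "ok".
    No DATA is sent, so no message is queued.
    """
    try:
        # local_hostname is fixed so smtplib does not do a DNS lookup first.
        smtp = smtplib.SMTP(host, port, local_hostname="localhost",
                            timeout=timeout)
    except ConnectionRefusedError:
        return ("connect", "nothing is listening on %s:%d" % (host, port))
    except OSError as exc:  # timeout or bad banner (smtplib errors are OSError)
        return ("connect", str(exc))
    try:
        steps = (("helo", lambda: smtp.helo()),
                 ("mail_from", lambda: smtp.mail(mail_from)),
                 ("rcpt_to", lambda: smtp.rcpt(rcpt_to)))
        for stage, step in steps:
            code, msg = step()
            if code not in (250, 251):
                return (stage, "%d %s" % (code, msg.decode(errors="replace")))
        return ("ok", "server accepted %s -> %s" % (mail_from, rcpt_to))
    except OSError as exc:
        return ("session", str(exc))
    finally:
        try:
            smtp.quit()
        except OSError:
            pass


def start_fake_mta(reject_rcpt=False):
    """Constructed stand-in for a local MTA: serves one SMTP session on an
    ephemeral loopback port and returns that port number."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        with conn, conn.makefile("rwb") as f:
            f.write(b"220 fake-mta ESMTP\r\n")
            f.flush()
            for line in f:
                verb = line[:4].upper()
                if verb == b"QUIT":
                    f.write(b"221 bye\r\n")
                    f.flush()
                    break
                if verb == b"RCPT" and reject_rcpt:
                    f.write(b"554 5.7.1 Relay access denied\r\n")
                else:
                    f.write(b"250 ok\r\n")
                f.flush()
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


if __name__ == "__main__":
    print("127.0.0.1:25     ->", probe_smtp())
    print("fake MTA         ->", probe_smtp(port=start_fake_mta()))
    print("fake MTA, no relay ->",
          probe_smtp(port=start_fake_mta(reject_rcpt=True)))
```

A "connect" result on port 25 matches a host where only ssmtp is installed; "rcpt_to" points at the MTA's relay policy instead.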
Re: [ossec-list] ossec-maild not sending out any alerts (relaying through ssmtp)
Theresa, try to issue command /var/ossec/bin/ossec-control enable debug. It will increase log verbosity. Then restart OSSEC, and check /var/ossec/log/ossec.log.
Also after restart try to issue command "ps aux | grep ossec", and check, that ossec-maild process is running.

--
Best regards, Daniil Svetlov.
Re: [ossec-list] ossec-maild not sending out any alerts (relaying through ssmtp)
Hi Daniil,

I've already done that. The maillog doesn't show the mail being sent, but there isn't an error either. It seems that the ossec-maild isn't even relaying it to the local smtp mta (ssmtp) because as said before I can send out mails with mailx just fine.

The ossec.log doesn't even mention the ossec-maild even though the process is running...
Hmm
Re: [ossec-list] ossec-maild not sending out any alerts (relaying through ssmtp)
i've also tried disabling iptables, but that didn't help either...
but then again i can send out emails with mailx just fine, so i don't think it's iptables blocking anyway...

any ideas?
Re: [ossec-list] ossec-maild not sending out any alerts (relaying through ssmtp)
Hello, Theresa!
First of all check spam folder in your gmail account. Probably gmail just in it mail from OSSEC, because they not look valid.
If you use SMTP server on localhost, check logs of MTA. It must be in /var/log/maillog.

Fri, 3 July 2015 at 19:19, theresa mic-snare rockprinz...@gmail.com:
> hi ossec'ers,
>
> my problem is I can't send out any emails/alert notifications with the ossec-maild process.
> I'm relaying my emails through ssmtp, the configuration is valid because I'm able to send out mails to external addresses through mailx for instance.
> But for some reason OSSEC just won't send any emails out.
>
> I have the following in my global ossec.conf
>
> <global>
>   <email_notification>yes</email_notification>
>   <email_to>x...@gmail.com</email_to>
>   <smtp_server>localhost</smtp_server>
>   <email_from>x...@gmail.com</email_from>
> </global>
>
> So by localhost or 127.0.0.1 it should use ssmtp to send out emails, right?
> Does the email_from field require to be a ossecm@realdomain? Or can this be a gmail address as well?
> So does it mean the ossecm user needs to send out these alerts?
>
> Again tests to send out emails through ssmtp via mailx have been successful. so I doubt it's a ssmtp issue here.
>
> Also what I find a little odd is that when i restart ossec through ossec-control all the services/processes should be restarted in a specific order, right?
> however when I look at the ossec.log in /var/ossec/logs/ossec.log the ossec-maild isn't mentioned at all
> the process itself runs though, when i do a ps -ef |grep ossec-maild
>
> my question now: how can I get the email notification in ossec to work?!
>
> thanks!

--
Best regards, Daniil Svetlov.