HOW TO CONFIGURE OSSEC WARNING THROUGH EMAIL


lê danh

Jul 7, 2020, 4:29:56 AM
to ossec-list
I am a new user, I just have ossec installed and I want to try its email feature. I have configured the email address in ossec.conf as follows:

<ossec_config>
   <global>
     <email_notification> yes </email_notification>
     <email_to> conm...@gmail.com </email_to>
     <smtp_server> alt4.gmail-smtp-in.l.google.com. </smtp_server>
     <email_from> ossecm @ ubuntu </email_from>
   </global>

<email_alerts>
   <email_to> conm...@gmail.com </email_to>
   <level> 5 </level>
</email_alerts>

and expect to receive email alerts at level 5 or higher, but the error has occurred as follows:
2020/07/06 02:51:42 ossec-maild (1261): ERROR: Waiting for child process. (status: 139).
2020/07/06 02:51:42 ossec-maild (1223): ERROR: Error Sending email to alt4.gmail-smtp

It didn't work, I hope everyone can help me fix this problem as soon as possible. Sincerely thank you.

dan (ddp)

Jul 8, 2020, 2:55:45 PM
to ossec...@googlegroups.com
I'm pretty sure gmail requires authentication. So you'll have to relay
the OSSEC emails through an smtp server that doesn't require auth.
Luckily, the OSSEC server is running on a Linux or other unix-like
system. An smtpd usually comes installed on the good ones.
Configure the locally installed smtpd to relay the messages through gmail.

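The relay setup dan describes, as an added example that is not part of the thread: a shell function that stages a loopback-only Postfix configuration relaying to Gmail, plus the matching `<global>` block for ossec.conf. Postfix as the local smtpd, the `smtp.gmail.com:587` endpoint, the Debian/Ubuntu CA bundle path, the helper name `stage_relay_config` and the password placeholder are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): stage files for a loopback-only
# Postfix relay to Gmail. Nothing under /etc is touched by this script.
# Assumptions: Postfix is the local smtpd, Gmail submission endpoint
# smtp.gmail.com:587, Debian/Ubuntu CA bundle path.
stage_relay_config() {          # hypothetical helper name
    out_dir=$1                  # staging directory to review before install
    gmail_user=$2               # account the relay authenticates as
    mkdir -p "$out_dir" || return 1

    # Settings to merge into /etc/postfix/main.cf
    cat > "$out_dir/main.cf.relay" <<'EOF'
# Listen on loopback only so the host does not become an open relay.
inet_interfaces = loopback-only
mynetworks = 127.0.0.0/8 [::1]/128
# Hand outbound mail to Gmail over authenticated, encrypted submission.
relayhost = [smtp.gmail.com]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_security_level = encrypt
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
EOF

    # Credential map, created 0600 because it holds the relay password.
    ( umask 077
      printf '[smtp.gmail.com]:587 %s:%s\n' "$gmail_user" \
          'APP_PASSWORD_PLACEHOLDER' > "$out_dir/sasl_passwd" ) || return 1

    # OSSEC talks to the local smtpd, which needs no authentication.
    cat > "$out_dir/ossec-global.xml" <<EOF
<global>
  <email_notification>yes</email_notification>
  <email_to>$gmail_user</email_to>
  <smtp_server>127.0.0.1</smtp_server>
  <email_from>ossecm@ubuntu</email_from>
</global>
EOF
}

# After installing the staged files as root:
#   postmap /etc/postfix/sasl_passwd && postfix reload
# then restart OSSEC so ossec-maild rereads ossec.conf.
```

Keep `sasl_passwd` and the `sasl_passwd.db` that `postmap` generates readable by root only, since both contain the relay credential.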

Jeff Dyke

Jul 8, 2020, 8:45:46 PM
to ossec...@googlegroups.com
As Dan alluded to, I use a local postfix null mailer on my LAN that sends to a postfix relay from a single/failover point that then sends to gmail.

Dan. I have a question for you, perhaps I should start a new thread, but you're so damn diligent about responding to queries, I thought I may just append to my answer. I know that OSSEC is EOL except for serious changes/bugs. I've used OSSEC for years and eventually moved to Wazuh, where I appreciate the fact that your name is in the credits. What is the plan to support the current and non-moving version of OSSEC?

Thank you for all of your efforts, being on this list for many years has taught me a lot about the underpinnings of your project! 

Thanks,
Jeff

dan (ddp)

Jul 9, 2020, 8:05:11 AM
to ossec...@googlegroups.com
On Wed, Jul 8, 2020 at 8:45 PM Jeff Dyke <jeff...@gmail.com> wrote:
>
> As Dan alluded to, I use a local postfix null mailer on my LAN that sends to a postfix relay from a single/failover point that then sends to gmail.
>
> Dan. I have a question for you, perhaps I should start a new thread, but you're so damn diligent about responding to queries, I thought I may just append to my answer. I know that OSSEC is EOL except for serious changes/bugs. I've used OSSEC for years and eventually moved to Wazuh, where I appreciate the fact that your name is in the credits. What is the plan to support the current and non-moving version of OSSEC?
>

This is news to me. AFAIK the project isn't dead, just moving very
slowly. There's no commercial entity behind development, so it gets
the time and energy people put into it.

Jeff Dyke

Jul 11, 2020, 9:51:55 PM
to ossec...@googlegroups.com
My bad, Dan, I thought I remembered somewhere that it was only getting critical updates. Thanks for the people's time that gets put into it! Sorry for the confusion on my part.

dan (ddp)

Jul 13, 2020, 1:36:35 PM
to ossec...@googlegroups.com
On Sat, Jul 11, 2020 at 9:51 PM Jeff Dyke <jeff...@gmail.com> wrote:
>
> My bad, Dan, I thought I remembered somewhere that it was only getting critical updates. Thanks for the people's time that gets put into it! Sorry for the confusion on my part.
>

No worries, there isn't a lot going on with the code base at the
moment. Energy and spare time for hobbies don't come easily these
days.