Change email from name or prepend tag in subject

Geoff Nordli

unread,

May 24, 2019, 11:51:17 AM5/24/19

to wa...@googlegroups.com

Hi.

I have a couple of different wazuh installations. I would like to
easily distinguish them in the email client. Right now the from name
says "Wazuh".

Is there a way to change the from name or prepend a tag in the subject.

thanks,

Geoff

Jesús Ángel González

unread,

May 24, 2019, 12:18:55 PM5/24/19

to Wazuh mailing list

Hi Geoff,

Wazuh has some hardcoded values for the mail module, we are working on it, further releases will have more
customizable options and different ways to pipe events to mail providers.

In the meantime, here is a workaround that I think would fit your needs. This solution needs to re-compile the Wazuh manager.

For the subject value, the affected line is https://github.com/wazuh/wazuh/blob/b3dc8c2fd5f0c9c554bc24537d23a84307d5f3da/src/os_maild/maild.h#L26

#define MAIL_SUBJECT "Wazuh notification - %s - Alert level %d"

Just replace Wazuh with WZ-PROD33 for example.

For the from value, the affected line is https://github.com/wazuh/wazuh/blob/b3dc8c2fd5f0c9c554bc24537d23a84307d5f3da/src/os_maild/sendcustomemail.c#L27, there you can see
__ossec_name, which is a defined value in https://github.com/wazuh/wazuh/blob/b3dc8c2fd5f0c9c554bc24537d23a84307d5f3da/src/headers/defs.h#L63

#define __ossec_name    "Wazuh"

Here you can do the same, replace Wazuh with your desired name.

Some notes you should take care of:

I didn’t the solution but it should work so please try it in a dev environment first.
For compiling the Wazuh manager with your own modifications follow our guide: https://documentation.wazuh.com/current/installation-guide/installing-wazuh-server/sources_installation.html#sources-installation
The above links refer to the v3.9.1 version of Wazuh.

And as I said, we are going to improve all the mail module, it needs some changes for customizing the emails, filtering, and many other enhancements.

Best regards,
Jesús

Geoff Nordli

unread,

May 24, 2019, 12:49:19 PM5/24/19

to Wazuh mailing list

Thank you for the quick reply Jesús.

I will wait for the customizable options.

Have a great day!!

Geoff

--
You received this message because you are subscribed to the Google Groups "Wazuh mailing list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+un...@googlegroups.com.
To post to this group, send email to wa...@googlegroups.com.
Visit this group at https://groups.google.com/group/wazuh.
To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/b513a43a-e965-446f-bf3b-5c0ccc127843%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Corey Penford

unread,

May 29, 2019, 3:51:26 PM5/29/19

to Wazuh mailing list

Is there no way currently to fix this in a RPM install? If not, is there rough idea if this customization would be in the next release/an ETA?

Jesús Ángel González

unread,

May 30, 2019, 11:58:10 AM5/30/19

to Wazuh mailing list

Hi Corey,

As I told Geoff, it’s hardcoded and the only way to achieve this task so far is compiling your manager again.

It doesn’t matter if it’s a DEB or RPM package, it’s in compilation time when we change those settings.

By the way, our @cicd-team has a concise guide about generating RPM packages from scratch, you can find it here: https://github.com/wazuh/wazuh-packages/tree/master/rpms#building-rpm-packages,
we don’t use to actively support custom packages but we are here to help so if you’d face any issue building the package or compiling from sources we’d be glad to help you.

Regarding the ETA, as I said, we are improving the mail daemon and it’s in our roadmap but I don’t know an exact release date where it will be published.

Regards,
Jesús

Reply all

Reply to author

Forward