ossec reports
66 views
Skip to first unread message
Sean Roe
Jul 11, 2017, 11:53:37 AM7/11/17
to ossec-list
Hi all,
I am trying to troubleshoot why I am not getting any daily reports and Im not really sure how to troubleshoot it. I have looked in the logs and I see entries like:
2017/07/11 00:01:34 ossec-monitord: INFO: Starting daily reporting for 'Daily report: File changes'
2017/07/11 00:01:54 ossec-monitord: INFO: Starting daily reporting for 'Daily report: File changes'
but I am not getting any output in my email. Here is the stanza from ossec.conf on the server:
<reports>
<category>syscheck</category>
<title>Daily report: File changes</title>
<email_to>se...@XXXXX.com</email_to>
<email_to>ma...@XXXXX.com</email_to>
</reports>
so any guidance would be helpful.
Thanks,
Sean
I am trying to troubleshoot why I am not getting any daily reports and Im not really sure how to troubleshoot it. I have looked in the logs and I see entries like:
2017/07/11 00:01:34 ossec-monitord: INFO: Starting daily reporting for 'Daily report: File changes'
2017/07/11 00:01:54 ossec-monitord: INFO: Starting daily reporting for 'Daily report: File changes'
but I am not getting any output in my email. Here is the stanza from ossec.conf on the server:
<reports>
<category>syscheck</category>
<title>Daily report: File changes</title>
<email_to>se...@XXXXX.com</email_to>
<email_to>ma...@XXXXX.com</email_to>
</reports>
so any guidance would be helpful.
Thanks,
Sean
Rocio Romero
Jul 11, 2017, 2:37:21 PM7/11/17
to ossec-list
Hi Sean,
You should have something like this:
In case you want to use an email that uses SMTP authentication you will need to configure a server relay.
Have you configured the global email options in the <global> section?
You should have something like this:
<ossec_config>
<global>
<email_notification>yes</email_notification>
<email_to>me@test.com</email_to>
<smtp_server>mail.test.com.</smtp_server>
<email_from>hello@test.com</email_from>
</global>
...
</ossec_config>
You can find more info about how to configure your manager to send email alerts or reports here.
Let me know if you have more questions!
Rocio
Sean Roe
Jul 11, 2017, 3:22:07 PM7/11/17
to ossec...@googlegroups.com
I have the following stanzas in my config:
<ossec_config>
<global>
<email_notification>yes</email_notification>
<email_to>se...@XXXXX.com</email_to>
<smtp_server>mail.XXXXX.com.</smtp_server>
<email_from>oss...@ossec.XXXXX.com</email_from>
</global>
# Database section here<smtp_server>mail.XXXXX.com.</smtp_server>
<email_from>oss...@ossec.XXXXX.com</email_from>
</global>
<reports>
<category>syscheck</category>
<title>Daily report: File changes</title>
<email_to>se...@XXXXX.com</email_to>
<email_to>ma...@XXXXX.com</email_to>
</reports>
I am getting OSSEC Notification emails now but no reports so I am a little confused.
Thanks,
Sean
--
---
You received this message because you are subscribed to the Google Groups "ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Reply all
Reply to author
Forward
0 new messages