relay, no localhost
Wazuh estoy
I'm having a problem with wazuh. We have it mounted on k8s with a container.
The thing is that we have set up the relay.empresa.com configuration as smtp_server.
We have tested a telnet to the relay and we arrive without problem using port 587.
The thing is that my wazuh gives me:
Mar 19, 2024 @ 11:47:46.000 wazuh-maild INFO Started (pid: 5671).
Mar 19, 2024 @ 11:47:46.000 wazuh-maild INFO Getting alerts in log format.
Lucio Donda
Have you followed our guide for this purpose -> https://documentation.wazuh.com/current/user-manual/manager/manual-email-report/smtp-authentication.html
How did you configured and setup de smtp server on the ossec.conf ?
Did you get any answer on the email test?
what about errors or warnings on the mail server logs?
Let me know how it goes and if possible do answer this email on the answer to all in order other users get access to it.
Lucio Donda
Hello,
I'll give you my ossec.conf configuration:<global>
<jsonout_output>yes</jsonout_output>
<alerts_log>yes</alerts_log>
<logall>no</logall>
<logall_json>no</logall_json>
<email_notification>yes</email_notification>
<smtp_server>relay.we-accom.eu</smtp_server>
<email_from>--...@----.com</email_from>
<email_to>--...@----.com</email_to>
<email_maxperhour>12</email_maxperhour>
<email_log_source>alerts.log</email_log_source>
<queue_size>262144</queue_size>
<agents_disconnection_time>20s</agents_disconnection_time>
<agents_disconnection_alert_time>100s</agents_disconnection_alert_time>
</global>
I didn't receive any response either way. I want to make it clear that the relay I am mounting is not on the same POD or machine. It is a relay that I mount externally.
The errors I get are the ones that Wazuh gives me when it tries to send an email.
How did you configure that relay.we-accom.eu ?
As I said earlier, did you get any log in the smtp machine?
As you said communication between machines shouldn't be a problem (either way double check for any firewall rule) so the error must be on the smtp server side.
Another option would be to set monitord.debug=2 on the internal options file (on wazuh manager) After that a restart is needed.
Tell me how that goes.
Lucio Donda
https://groups.google.com/g/wazuh/c/fR7Y8ldSFIM/m/h4C7ko7yAAAJ
Hello,
I'll give you my ossec.conf configuration:
<global>
<jsonout_output>yes</jsonout_output>
<alerts_log>yes</alerts_log>
<logall>no</logall>
<logall_json>no</logall_json>
<email_notification>yes</email_notification>
<smtp_server>relay.we-accom.eu</smtp_server>
<email_from>notific...@empresa.com</email_from>
<email_to>it.si...@empresa.com</email_to>
<email_maxperhour>12</email_maxperhour>
<email_log_source>alerts.log</email_log_source>
<queue_size>262144</queue_size>
<agents_disconnection_time>20s</agents_disconnection_time>
<agents_disconnection_alert_time>100s</agents_disconnection_alert_time>
</global>
I didn't receive any response either way. I want to make it clear that the relay I am mounting is not on the same POD or machine. It is a relay that I mount externally.
The errors I get are the ones that Wazuh gives me when it tries to send an email.
--
You received this message because you are subscribed to a topic in the Google Groups "Wazuh | Mailing List" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/wazuh/fR7Y8ldSFIM/unsubscribe.
To unsubscribe from this group and all its topics, send an email to wazuh+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/e9f0d71f-4d80-4a00-8523-b380eb3b9090n%40googlegroups.com.
 | Lucio Donda C/C++ Developer - Core Engine - RunTime Terror |