I think my issue is my server's mail (postfix) configuration. I can send an email from the command line like so:
I can see it get sent in /var/log/mail.log. I get it (in my spam folder, but it's a start).
It starts up fine - I can see a couple dozen new messages in the log (see the end of this email). But there is no email, and no record of even an email attempt in /var/log/mail.log.
I'm guessing that ossec doesn't send mail the same way I do when I test sendmail from the command line, but I don't know what it *does* do.
Stopped and started ossec-control: still no email. Still no errors about emails. Here is /var/ossec/logs/ossec.log from the latest attempt:
2020/03/30 12:24:19 ossec-execd: INFO: Started (pid: 5337).
2020/03/30 12:24:19 ossec-agentd: INFO: Using notify time: 600 and max time to reconnect: 1800
2020/03/30 12:24:19 going daemon
2020/03/30 12:24:19 starting imsg stuff
2020/03/30 12:24:19 Creating socketpair()
2020/03/30 12:24:19 agentd imsg_init()
2020/03/30 12:24:19 os_dns imsg_init()
2020/03/30 12:24:19 ossec-agentd(1410): INFO: Reading authentication keys file.
2020/03/30 12:24:19 ossec-agentd: INFO: No previous counter available for 'server1'.
2020/03/30 12:24:19 ossec-agentd: INFO: Assigning counter for agent server1: '0:0'.
2020/03/30 12:24:19 ossec-agentd: INFO: Assigning sender counter: 0:659
2020/03/30 12:24:19 rootcheck: System audit file not configured.
2020/03/30 12:24:19 ossec-agentd: INFO: Started (pid: 5341).
2020/03/30 12:24:19 ossec-agentd: INFO: Server 1: 172.24.16.158
2020/03/30 12:24:19 ossec-agentd: INFO: Trying to connect to server 172.24.16.158, port 1514.
2020/03/30 12:24:19 INFO: Connected to 172.24.16.158 at address 172.24.16.158, port 1514
2020/03/30 12:24:19 ossec-agentd: DEBUG: agt->sock: 11
2020/03/30 12:24:23 ossec-syscheckd: INFO: Started (pid: 5350).
2020/03/30 12:24:23 ossec-rootcheck: INFO: Started (pid: 5350).
2020/03/30 12:24:23 ossec-syscheckd: INFO: Monitoring directory: '/etc', with options perm | size | owner | group | md5sum | sha1sum.
2020/03/30 12:24:23 ossec-syscheckd: INFO: Monitoring directory: '/usr/bin', with options perm | size | owner | group | md5sum | sha1sum.
2020/03/30 12:24:23 ossec-syscheckd: INFO: Monitoring directory: '/usr/sbin', with options perm | size | owner | group | md5sum | sha1sum.
2020/03/30 12:24:23 ossec-syscheckd: INFO: Monitoring directory: '/bin', with options perm | size | owner | group | md5sum | sha1sum.
2020/03/30 12:24:23 ossec-syscheckd: INFO: Monitoring directory: '/sbin', with options perm | size | owner | group | md5sum | sha1sum.
2020/03/30 12:24:23 ossec-syscheckd: INFO: Monitoring directory: '/boot', with options perm | size | owner | group | md5sum | sha1sum.
2020/03/30 12:24:23 ossec-syscheckd: INFO: ignoring: '/etc/mtab'
2020/03/30 12:24:23 ossec-syscheckd: INFO: ignoring: '/etc/hosts.deny'
2020/03/30 12:24:23 ossec-syscheckd: INFO: ignoring: '/etc/mail/statistics'
2020/03/30 12:24:23 ossec-syscheckd: INFO: ignoring: '/etc/random-seed'
2020/03/30 12:24:23 ossec-syscheckd: INFO: ignoring: '/etc/random.seed'
2020/03/30 12:24:23 ossec-syscheckd: INFO: ignoring: '/etc/adjtime'
2020/03/30 12:24:23 ossec-syscheckd: INFO: ignoring: '/etc/httpd/logs'
2020/03/30 12:24:23 ossec-syscheckd: INFO: No diff for file: '/etc/ssl/private.key'
2020/03/30 12:24:25 ossec-logcollector(1103): ERROR: Could not open file '/var/log/messages' due to [(2)-(No such file or directory)].
2020/03/30 12:24:25 ossec-logcollector(1950): INFO: Analyzing file: '/var/log/messages'.
2020/03/30 12:24:25 ossec-logcollector(1103): ERROR: Could not open file '/var/log/authlog' due to [(2)-(No such file or directory)].
2020/03/30 12:24:25 ossec-logcollector(1950): INFO: Analyzing file: '/var/log/authlog'.
2020/03/30 12:24:25 ossec-logcollector(1950): INFO: Analyzing file: '/var/log/auth.log'.
2020/03/30 12:24:25 ossec-logcollector(1103): ERROR: Could not open file '/var/log/secure' due to [(2)-(No such file or directory)].
2020/03/30 12:24:25 ossec-logcollector(1950): INFO: Analyzing file: '/var/log/secure'.
2020/03/30 12:24:25 ossec-logcollector(1103): ERROR: Could not open file '/var/log/xferlog' due to [(2)-(No such file or directory)].
2020/03/30 12:24:25 ossec-logcollector(1950): INFO: Analyzing file: '/var/log/xferlog'.
2020/03/30 12:24:25 ossec-logcollector(1103): ERROR: Could not open file '/var/log/maillog' due to [(2)-(No such file or directory)].
2020/03/30 12:24:25 ossec-logcollector(1950): INFO: Analyzing file: '/var/log/maillog'.
2020/03/30 12:24:25 ossec-logcollector(1103): ERROR: Could not open file '/var/www/logs/access_log' due to [(2)-(No such file or directory)].
2020/03/30 12:24:25 ossec-logcollector(1950): INFO: Analyzing file: '/var/www/logs/access_log'.
2020/03/30 12:24:25 ossec-logcollector(1103): ERROR: Could not open file '/var/www/logs/error_log' due to [(2)-(No such file or directory)].
2020/03/30 12:24:25 ossec-logcollector(1950): INFO: Analyzing file: '/var/www/logs/error_log'.
2020/03/30 12:24:25 ossec-logcollector: INFO: Started (pid: 5346).
2020/03/30 12:24:27 ossec-logcollector: WARN: Process locked. Waiting for permission...
2020/03/30 12:24:40 ossec-agentd(4101): WARN: Waiting for server reply (not started). Tried: '172.24.16.158'.
2020/03/30 12:24:42 ossec-agentd: INFO: Trying to connect to server 172.24.16.158, port 1514.
2020/03/30 12:24:42 INFO: Connected to 172.24.16.158 at address 172.24.16.158, port 1514
2020/03/30 12:24:42 ossec-agentd: DEBUG: agt->sock: 15
2020/03/30 12:25:03 ossec-agentd(4101): WARN: Waiting for server reply (not started). Tried: '172.24.16.158'.
2020/03/30 12:25:23 ossec-agentd: INFO: Trying to connect to server 172.24.16.158, port 1514.
2020/03/30 12:25:23 INFO: Connected to 172.24.16.158 at address 172.24.16.158, port 1514
2020/03/30 12:25:23 ossec-agentd: DEBUG: agt->sock: 18
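
An added example, not part of the original post: a small triage of an ossec.log in the format quoted above, reporting which daemons logged "Started", which monitored files are missing (code 1103), and how often the agent was left waiting for the server (code 4101). In OSSEC, alert email is sent by the ossec-maild daemon on a server or local install, so the check for it is the relevant one here; the sample lines and the function name `triage` are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the same format as the log quoted in the post.
SAMPLE_LOG = """\
2020/03/30 12:24:19 ossec-execd: INFO: Started (pid: 5337).
2020/03/30 12:24:19 going daemon
2020/03/30 12:24:19 ossec-agentd: INFO: Started (pid: 5341).
2020/03/30 12:24:23 ossec-syscheckd: INFO: Started (pid: 5350).
2020/03/30 12:24:25 ossec-logcollector(1103): ERROR: Could not open file '/var/log/maillog' due to [(2)-(No such file or directory)].
2020/03/30 12:24:25 ossec-logcollector: INFO: Started (pid: 5346).
2020/03/30 12:24:40 ossec-agentd(4101): WARN: Waiting for server reply (not started). Tried: '172.24.16.158'.
"""

# timestamp, daemon name, optional numeric message code, level, message
LINE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<daemon>ossec-[a-z]+)(?:\((?P<code>\d+)\))?: "
    r"(?P<level>[A-Z]+): (?P<msg>.*)$"
)

def triage(log_text):
    """Summarise an ossec.log excerpt (hypothetical helper, not an OSSEC tool)."""
    started, levels, missing, waiting = set(), Counter(), [], 0
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # untagged lines such as "going daemon"
        levels[m["level"]] += 1
        if m["msg"].startswith("Started (pid:"):
            started.add(m["daemon"])
        if m["code"] == "1103":  # logcollector could not open a file
            path = re.search(r"'([^']+)'", m["msg"])
            if path:
                missing.append(path.group(1))
        if m["code"] == "4101":  # agent waiting for the server to reply
            waiting += 1
    return {
        "started": sorted(started),
        "agent_mode": "ossec-agentd" in started,
        "maild_running": "ossec-maild" in started,
        "missing_logs": missing,
        "server_not_replying": waiting,
        "levels": dict(levels),
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```
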