No email from one of three servers


Burkhard Schultheis

Jan 27, 2020, 1:47:55 AM
to ossec...@googlegroups.com
We have 3 servers running OSSEC (standalone). One server runs CentOS 6,
the two others openSUSE 15.1. The configuration of OSSEC is almost
identical on all three servers (as close as possible).

The CentOS server sends a lot of emails, one of the openSUSE servers few
and the third server (openSUSE) no emails. But in the log I see issues
that should lead to sending an email.

The server is able to send emails to the configured server. I see no
messages about errors sending emails. In /var/ossec/etc there is a copy
of resolv.conf. OSSEC version is 3.3.0.

What can I do?

Regards
Burkhard

dan (ddp)

Jan 28, 2020, 6:54:44 AM
to ossec...@googlegroups.com
Are they sending to the same smtp server?
If you have access to the mail server logs, you could check there.
Otherwise, you could use tcpdump to see if there are any issues.


Schultheis Burkhard

Feb 7, 2020, 2:26:27 AM
to ossec...@googlegroups.com
There is no issue sending to the smtp server, because other scripts
successfully send mails to this server. Only ossec does not send any mails,
as far as I can see. It's still a puzzle.

Thanks!

Regards
Burkhard

Schultheis Burkhard

Feb 7, 2020, 5:43:59 AM
to ossec...@googlegroups.com
Now I found ipv6 was disabled and the file /etc/services was very old.
Now these 2 configuration items are the same as on the other server
which is able to send emails. But the "problem" server is still not
sending ossec emails. In alerts.log I see the following 2 error messages:
getaddrinfo: System error
ERROR: Error Sending email to xxxxxxx. (smtp server)

First I didn't look in alerts.log! ;-)

What could be the reason for the getaddrinfo error? ipv6 is now enabled,
/var/ossec/etc/resolv.conf is a copy of /etc/resolv.conf and
/etc/services is the same as on the other server.

Regards
Burkhard


On 28.01.2020 at 12:54, dan (ddp) wrote:

Schultheis Burkhard

Feb 7, 2020, 7:32:51 AM
to ossec...@googlegroups.com
Now I've put the IP address instead of the name for the smtp server. Now I
get emails. But this is very mysterious to me! Before that, I replaced the
nameservers of the provider with the Google nameservers in
/var/ossec/etc/resolv.conf, without success.

Regards
Burkhard

On 28.01.2020 at 12:54, dan (ddp) wrote:

dan (ddp)

Feb 7, 2020, 9:57:15 AM
to ossec...@googlegroups.com
On Fri, Feb 7, 2020 at 5:43 AM Schultheis Burkhard
<burkhard....@gmail.com> wrote:
>
> Now I found ipv6 was disabled and the file /etc/services was very old.
> Now these 2 configuration items are the same as on the other server
> which is able to send emails. But the "problem" server is still not
> sending ossec emails. In alerts.log I see the following 2 error messages:
> getaddrinfo: System error
> ERROR: Error Sending email to xxxxxxx. (smtp server)
>
> First I didn't look in alerts.log! ;-)
>
> What could be the reason for the getaddrinfo error? ipv6 is now enabled,
> /var/ossec/etc/resolv.conf is a copy of /etc/resolv.conf and
> /etc/services is the same as on the other server.
>

3.4 made some improvements for systems that disable ipv6.
https://github.com/ossec/ossec-hids/releases/tag/3.4.0