ELSA Email alerts configuration question

[Shane Mullins]

We are running SO 12.0.4.3. Everything is running great. The only issue we have is how to configure email alerts in ELSA. In our elsa_web.conf, we made these changes:

# Settings for email alerts
"email": {
# Uncomment this and set the correct SMTP server for your org to get email
"smtp_server": "164.106.112.205",
# Uncomment this to set the TO address for email if not using AD authentication to provide that info
"to": "tsmu...@mecc.edu",
"display_address": "norepl...@example.com",
"base_url" : "http://164.106.110.7/",
"subject": "ELSA Alert"
},

When we run a query with the limit:0, we get the:

Query x submitted. Batching because an unlimited number or large number of results has been requested. You will receive an email with your results.

But the link never arrives. Can someone please point me in the direction to troubleshoot our email setup?

Thanks
Shane

[Gavin Pyle]

You're supposed to be able to add nobatch:1 to your query and that will force it to run.

[Shane Mullins]

Thanks Gavin.  Your help is much appreciated.

--
You received this message because you are subscribed to the Google Groups "security-onion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to security-onio...@googlegroups.com.
To post to this group, send email to securit...@googlegroups.com.
Visit this group at http://groups.google.com/group/security-onion.
For more options, visit https://groups.google.com/groups/opt_out.

[Martin Holste]

The query should execute eventually, though it could take a very long time depending on the query itself.  You may want to check web.log to see if there were any errors running it.  The cron.pl cron job will initiate batched queries.