Phuc,
Could you more specifically explain how it is not working? What steps did you take to configure it?
Thanks,
Wes
I use Security Onion for my project; it's the first time I've used it. I would like to configure Email Alert. I used to configure it by following the link https://github.com/Security-Onion-Solutions/security-onion/wiki/Email but it is not working.
Thank you for helping.
Did you follow the steps here as well?
Thanks,
Wes
Yes, you can try it if you would rather it configure everything for you. It will download/install mailutils and postfix if they are not already installed.
Thanks,
Wes
Can I use "sudo so-email" for automatic setup? I am trying to use the manual setup but it is not working.
What do you mean by "it is not working"? What kind of error message do you receive?
Thanks,
Wes
I tried with "sudo so-email" but it is still not working.
Phuc,
You can get an idea of how so-email configures sguild.email here:
https://github.com/Security-Onion-Solutions/securityonion-setup/blob/master/bin/so-email#L358-L365
As you can see, if using the method configured with Postfix/Mailutils as in so-email, you will need to set the SMTP server to "localhost", and the "to" address to "root@localhost". This will allow Sguil to forward alert emails to root's inbox -- from there, Postfix will relay the mail to the SMTP server.
Another note about using an external SMTP server -- if Gmail requires authentication, I'm assuming authentication would need to be configured for Postfix, similar to here:
https://www.linode.com/docs/email/postfix/postfix-smtp-debian7
You can see how the notification address (in your case, "phuc@....") and Postfix are configured with so-email here:
https://github.com/Security-Onion-Solutions/securityonion-setup/blob/master/bin/so-email#L324-L329
The "relayhost" variable in Postfix's main.cf should be the destination SMTP server (in your case, external SMTP server).
You'll need to modify /etc/aliases with your destination email address for root's mail and run newaliases if it isn't already configured.
Hope this helps.
Thanks,
Wes
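A quick way to confirm the two Postfix pieces Wes lists (relayhost in main.cf, a root entry in /etc/aliases) before chasing Sguil itself. This is an added example, not code from the thread or from the Security Onion project; file paths are passed as arguments and the sample files below are constructed, not real configs.

```shell
#!/bin/sh
# check_relay_config MAIN_CF ALIASES
# Returns 0 when relayhost is set and root has an alias, 1 otherwise,
# printing what is missing. Sets $relay and $root_alias as a side effect.
check_relay_config() {
    main_cf="$1"
    aliases="$2"
    status=0

    # Postfix main.cf: "relayhost = host" (the external SMTP server);
    # take the last assignment, ignoring comment lines.
    relay=$(sed -n 's/^[[:space:]]*relayhost[[:space:]]*=[[:space:]]*//p' "$main_cf" | tail -n 1)
    if [ -z "$relay" ]; then
        echo "missing: relayhost is not set in $main_cf"
        status=1
    else
        echo "ok: relayhost = $relay"
    fi

    # /etc/aliases: "root: user@example.com"; newaliases must follow any edit.
    root_alias=$(sed -n 's/^root:[[:space:]]*//p' "$aliases" | tail -n 1)
    if [ -z "$root_alias" ]; then
        echo "missing: no 'root:' entry in $aliases (add one, then run newaliases)"
        status=1
    else
        echo "ok: root mail goes to $root_alias"
    fi
    return "$status"
}

# Constructed sample files (not real configs) so the check runs offline.
tmpdir=$(mktemp -d)
cat > "$tmpdir/main.cf" <<'EOF'
# constructed Postfix main.cf fragment
myhostname = sensor.example.internal
relayhost = smtp.example.com
EOF
cat > "$tmpdir/aliases" <<'EOF'
postmaster: root
root: analyst@example.com
EOF
cat > "$tmpdir/main-bad.cf" <<'EOF'
myhostname = sensor.example.internal
EOF
printf 'postmaster: root\n' > "$tmpdir/aliases-bad"

check_relay_config "$tmpdir/main.cf" "$tmpdir/aliases"
check_relay_config "$tmpdir/main-bad.cf" "$tmpdir/aliases-bad" || echo "relay not configured"
```

On a real sensor, run it as `check_relay_config /etc/postfix/main.cf /etc/aliases`; a relayhost that needs authentication still has to be configured separately in Postfix, as noted above.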
I can't say I use the Sguil reporting a lot, so I will have to take a look at this. Are you able to generate some Sguil events using tcpreplay and receive emails for those?
Ex. (On the sensor/standalone) sudo tcpreplay -ieth1 -M10 /opt/samples/*
(Replace eth1 with your sniffing interface)
Thanks,
Wes