Snorby Email Issue


Saeed khan

Jun 1, 2012, 7:51:55 AM
to security-onion
Hi Doug,

I am having an issue with the Snorby alerts and read this article:
http://code.google.com/p/security-onion/wiki/Email

OSSEC email alerts are working fine and I am receiving such alerts, but for
Snorby alerts I don't know what the issue is.

Please provide me any solution. Is exim a must to install for Snorby
alerts?

Regards,

Saeed

Doug Burks

Jun 1, 2012, 4:50:20 PM
to securit...@googlegroups.com
Hi Saeed,

I don't believe exim is required for Snorby to be able to send email.
I don't do this myself, so perhaps somebody else can chime in with
their successful Snorby email config.

Thanks,
Doug
--
Doug Burks | http://securityonion.blogspot.com
Don't miss SANS SEC503 Intrusion Detection In-Depth in
Augusta GA 6/11 - 6/16 | 10% discount for ISSA Members!
http://augusta.issa.org/drupal/SANS-Augusta-2012

Michael Iverson

Jun 2, 2012, 8:17:54 AM
to securit...@googlegroups.com
Exim is definitely not required or recommended. 

(Not that it's not a great program. You can do amazing things with exim. However, it falls into the category of bringing a bazooka to a knife fight.)

I use a package called nullmailer to forward system messages to my SMTP server for delivery. It provides the standard sendmail interface to local programs, and its only function is to forward the message to a more capable email server.

The setup steps are roughly this:

install:
sudo apt-get install nullmailer

edit /etc/mailname to hold your "from" domain name. (If you were Google, you'd use "gmail.com".)

edit /etc/nullmailer/adminaddr to contain the address you want mail to root to be routed to.

edit /etc/nullmailer/remotes to contain the mail server to forward email to. 

That's about it for configuration. It can also do things like authentication with the remote server if you need that. 
--
Dr. Michael Iverson
Director of Information Technology
Hatteras Printing
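
An added example, not part of the thread or the Security Onion wiki: a shell check over the three files the steps above edit, which also flags a relay password in `remotes` that other local users can read. The function names, the example.com values and the relay credentials are constructed; GNU `stat` and the `--user=`/`--pass=` remote options are assumed.

```shell
#!/bin/sh
# Audit the files nullmailer setup touches. Paths are arguments so a
# staging copy can be checked before it is deployed.
check_nullmailer() {
    conf_dir=$1   # normally /etc/nullmailer
    mailname=$2   # normally /etc/mailname
    rc=0
    # mailname: one bare domain, no '@', no whitespace.
    if [ ! -s "$mailname" ] || grep -Eqv '^[A-Za-z0-9.-]+$' "$mailname"; then
        echo "FAIL: $mailname is missing or is not a bare domain"; rc=1
    fi
    # adminaddr: the address that mail to root is routed to.
    if ! grep -Eq '[^@[:space:]]+@[^@[:space:]]+' "$conf_dir/adminaddr" 2>/dev/null; then
        echo "FAIL: adminaddr is missing or holds no user@domain address"; rc=1
    fi
    # remotes: at least one relay line (this check skips blank and '#' lines).
    remotes=$conf_dir/remotes
    if ! grep -Eqv '^[[:space:]]*(#|$)' "$remotes" 2>/dev/null; then
        echo "FAIL: remotes lists no relay host"; rc=1
    elif grep -q -- '--pass=' "$remotes"; then
        # A relay password must not be accessible to other local users.
        case $(stat -c %a "$remotes") in
            *0) ;;
            *) echo "FAIL: remotes holds --pass= but is open to other users"; rc=1 ;;
        esac
    fi
    return $rc
}

# Build a constructed sample config in a temp dir; $1 is the mode for remotes.
make_sample() {
    d=$(mktemp -d)
    echo "example.com" > "$d/mailname"
    echo "secops@example.com" > "$d/adminaddr"
    echo "smtp.example.com smtp --user=relay --pass=PLACEHOLDER" > "$d/remotes"
    chmod "$1" "$d/remotes"
    echo "$d"
}
```

On a live system the call would be `check_nullmailer /etc/nullmailer /etc/mailname`, run as a user that can read those files.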

Doug Burks

Jun 5, 2012, 8:10:10 AM
to securit...@googlegroups.com
Hi Michael,

Thanks for the tip on nullmailer! I've updated the Email page with
your instructions:
http://code.google.com/p/security-onion/wiki/Email

Do you have Snorby sending email through nullmailer? If so, what does
your config look like?

Thanks,
Doug

Michael Iverson

Jun 5, 2012, 8:35:45 PM
to securit...@googlegroups.com
I'm still working on getting it running. I'll post the details soon. This week has been a bit hectic.