Configuring email alerts
82 views
Skip to first unread message
Aldriza Fariq Muhammad
Jun 14, 2022, 12:41:19 AM6/14/22
to Wazuh mailing list
Dear Wazuh Team,
we already Configuring email alerts, based on https://documentation.wazuh.com/current/user-manual/manager/manual-email-report/index.html. And we already succeed in sending a testing email using this command: echo "Test mail from postfix" | mail -s "Test Postfix" -r "aldriz...@gmail.com" aldriz...@gmail.com
But the email we still didn't receive the alarm yet even though we already set the email alert level set to level 2. Your help to resolve this issue will be appreciated, thank you
we already Configuring email alerts, based on https://documentation.wazuh.com/current/user-manual/manager/manual-email-report/index.html. And we already succeed in sending a testing email using this command: echo "Test mail from postfix" | mail -s "Test Postfix" -r "aldriz...@gmail.com" aldriz...@gmail.com
But the email we still didn't receive the alarm yet even though we already set the email alert level set to level 2. Your help to resolve this issue will be appreciated, thank you
elw...@wazuh.com
Jun 14, 2022, 1:54:06 AM6/14/22
to Wazuh mailing list
Hello Aldriza,
Have you configured the following options:
<global>
<email_notification>yes</email_notification>
<email_to>m...@test.com</email_to>
<smtp_server>localhost</smtp_server>
<email_from>wa...@test.com</email_from>
</global>
If not, please proceed with it and then restart the Wazuh manager.
If the emails are still not being sent, please share the logs files /var/ossec/logs/ossec.log and /var/log/mail, as well as the configuration file /var/ossec/etc/ossec.conf.
Regards,
Wali
Have you configured the following options:
<global>
<email_notification>yes</email_notification>
<email_to>m...@test.com</email_to>
<smtp_server>localhost</smtp_server>
<email_from>wa...@test.com</email_from>
</global>
If not, please proceed with it and then restart the Wazuh manager.
If the emails are still not being sent, please share the logs files /var/ossec/logs/ossec.log and /var/log/mail, as well as the configuration file /var/ossec/etc/ossec.conf.
Regards,
Wali
Aldriza Fariq Muhammad
Jun 14, 2022, 4:49:21 AM6/14/22
to Wazuh mailing list
Hi Elwali
attached are the logs files and configuration for
/var/ossec/logs/ossec.log and
/var/ossec/etc/ossec.conf.
For
/var/log/mail we didn't have the files yet, how to get those files?
Thank you so much for your help, really appreciate
elw...@wazuh.com
Jun 15, 2022, 3:35:45 AM6/15/22
to Wazuh mailing list
Hello,
Thanks for the provided information.
It seems that you are specifying the google SMTP in Wazuh configuration <smtp_server>smtp.google.com</smtp_server> but Wazuh does not handle the authentication to the SMTP's and it is the reason of using POSTFIX which you have already configured.
Having said that, you should use ` <smtp_server>localhost</smtp_server> and then restart the Wazuh manager(assuming that you have installed postfix in the same box as the Wazuh manager).
Hope this helps.
Regards,
Wali
Thanks for the provided information.
It seems that you are specifying the google SMTP in Wazuh configuration <smtp_server>smtp.google.com</smtp_server> but Wazuh does not handle the authentication to the SMTP's and it is the reason of using POSTFIX which you have already configured.
Having said that, you should use ` <smtp_server>localhost</smtp_server> and then restart the Wazuh manager(assuming that you have installed postfix in the same box as the Wazuh manager).
Hope this helps.
Regards,
Wali
Aldriza Fariq Muhammad
Jun 16, 2022, 12:52:56 AM6/16/22
to Wazuh mailing list
Dear Wazuh Team
Thanks, the problem is solved.
Reply all
Reply to author
Forward
0 new messages