FIX Email alerting
17 views
Skip to first unread message
Tengku Arya Saputra
Dec 25, 2025, 12:22:26 PM (15 hours ago) Dec 25
to Wazuh | Mailing List
Hello everyone,
I am having trouble with email alerts to Outlook.
I am using ossec.conf like this:
<global>
<jsonout_output>yes</jsonout_output>
<alerts_log>yes</alerts_log>
<logall>yes</logall>
<logall_json>yes</logall_json>
<email_notification>yes</email_notification>
<smtp_server>smtp.office365.com</smtp_server>
<email_from>no-r...@example.com</email_from>
<email_to>x...@example.com</email_to>
<email_maxperhour>12</email_maxperhour>
<email_log_source>alerts.log</email_log_source>
<agents_disconnection_time>15m</agents_disconnection_time>
<agents_disconnection_alert_time>0</agents_disconnection_alert_time>
<update_check>yes</update_check>
</global>
<email_alerts>
<email_to>x...@example.com</email_to>
<level>7</level>
<rule_id>100500, 100501, 100508, 100520, 100521, 100530, 100531</rule_id>
<do_not_delay/>
</email_alerts>
I have used the command and it went to my mail
echo “Test mail from postfix” | mail -s “HALLO AR” -r no-r...@example.com x...@example.com
The problem is that the alert based on rule.id does not appear, even though rule.id has been triggered in Wazuh Manager
Translated with DeepL.com (free version)
I am having trouble with email alerts to Outlook.
I am using ossec.conf like this:
<global>
<jsonout_output>yes</jsonout_output>
<alerts_log>yes</alerts_log>
<logall>yes</logall>
<logall_json>yes</logall_json>
<email_notification>yes</email_notification>
<smtp_server>smtp.office365.com</smtp_server>
<email_from>no-r...@example.com</email_from>
<email_to>x...@example.com</email_to>
<email_maxperhour>12</email_maxperhour>
<email_log_source>alerts.log</email_log_source>
<agents_disconnection_time>15m</agents_disconnection_time>
<agents_disconnection_alert_time>0</agents_disconnection_alert_time>
<update_check>yes</update_check>
</global>
<email_alerts>
<email_to>x...@example.com</email_to>
<level>7</level>
<rule_id>100500, 100501, 100508, 100520, 100521, 100530, 100531</rule_id>
<do_not_delay/>
</email_alerts>
I have used the command and it went to my mail
echo “Test mail from postfix” | mail -s “HALLO AR” -r no-r...@example.com x...@example.com
The problem is that the alert based on rule.id does not appear, even though rule.id has been triggered in Wazuh Manager
Translated with DeepL.com (free version)
Md. Nazmur Sakib
12:39 AM (3 hours ago) 12:39 AM
to Wazuh | Mailing List
Hello Tengku,
It seems to me the issue is with SMTP server name <smtp_server>smtp.office365.com</smtp_server>
Can you check the smtp_server address, if that is properly configured in the ossec.conf?
Have you configured the SMTP server with postfix, If you have check the config file.
(/etc/postfix/main.cf)
If you follow this document for configuration
https://medium.com/@kerberoasting/wazuh-and-office-365-email-notifications-c7de4aac0cda
The server name will be localhost.
<smtp_server>localhost</smtp_server>
Let me know if updating the SMTP server address in the ossec.conf solves your issue.
It seems to me the issue is with SMTP server name <smtp_server>smtp.office365.com</smtp_server>
Can you check the smtp_server address, if that is properly configured in the ossec.conf?
Have you configured the SMTP server with postfix, If you have check the config file.
(/etc/postfix/main.cf)
If you follow this document for configuration
https://medium.com/@kerberoasting/wazuh-and-office-365-email-notifications-c7de4aac0cda
The server name will be localhost.
<smtp_server>localhost</smtp_server>
Let me know if updating the SMTP server address in the ossec.conf solves your issue.
Reply all
Reply to author
Forward
0 new messages