Modify format with SMTP server with authenticator


Jorge Farias

Aug 9, 2022, 9:19:27 AM
to Wazuh mailing list
Hello Wazuh Team,

I need to modify the format of the email message; for this I will use the following integration: custom-email-alert.py

<integration>
  <name>custom-email-alerts</name>
  <hook_url>emailre...@example.com</hook_url>
  <level>10</level>
  <group>multiple_drops|authentication_failures</group>
  <alert_format>json</alert_format>
</integration>

But I need to configure it to use an SMTP server with authentication. How can I adapt this integration to make it work?

Andres Micalizzi

Aug 9, 2022, 9:33:56 AM
to Wazuh mailing list
Hi Jorge.
Thanks for using Wazuh.

You can find how to configure an SMTP server for Wazuh email alerts, here.
Here you can find the basics on how to make email alerts work, and you can check the configuration for email alerts in more detail, here.

In order for SMTP to work you will need to install the Postfix service (or similar) on the manager machine or have the service enabled on a specific URL so you can point the SMTP server in the configuration block to it. Then the service can log into your SMTP for the emails to be sent.

The custom-email-alert integration, where does it come from? I cannot see the code so I'm not able to guide you on why it is not working.
If you can share a screenshot of it, maybe we can give it a look.

I hope this clears your question. In case of further doubts, don't hesitate to ask.
Cheers,
Andrés

Jorge Farias

Aug 9, 2022, 10:28:11 AM
to Wazuh mailing list
Hello Andres
Thanks for your reply.

I already have Postfix configured, but I don't want to use the native Wazuh email alert.
I want to use a separate integration to be able to modify the format of the message.

I attach the integration code, and the configuration.
The only parameters that I change are the following:
Integration.JPG
ossec conf.JPG

But it doesn't work
custom-email-alert.py

Sandra Ocando

Aug 19, 2022, 4:41:28 AM
to Jorge Farias, Wazuh mailing list
Hi Jorge,

To use the SMTP server with authentication, configure the SMTP relay and set localhost as the email_server in the custom-email-alert.py script.
Regarding your configuration, I've noticed it is referencing custom-email-alerts but the script you shared is custom-email-alert (without the s). Please verify that the file name matches the Wazuh configuration. Also ensure that the file has the correct ownership and permissions by running:
chown root:wazuh /var/ossec/integrations/custom-email-alert
chmod 750 /var/ossec/integrations/custom-email-alert
Note that for Wazuh versions prior to 4.3.x, the ownership should be root:ossec.
Finally, the <group> configuration for the integrator daemon uses commas instead of pipes to separate multiple entries, so the correct configuration in your case should be:
<integration>
  <name>custom-email-alert</name>
  <hook_url>em...@mycompany.com</hook_url>
  <level>10</level>
  <group>multiple_drops,authentication_failures</group>
  <alert_format>json</alert_format>
</integration>
Let us know if you have any questions.
Best regards,
Sandra.
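
The approach described in the reply above (format the alert in a custom integration and hand it to a relay on localhost that holds the SMTP credentials), as an added example that is not the custom-email-alert.py attached in the thread. The sender address, port 25, the function names and the integratord argument order (alert file, api_key, hook_url) are assumptions.

```python
#!/usr/bin/env python3
# Added example: custom Wazuh integration that formats an alert and mails it via a local relay.
import json
import smtplib
import sys
from email.message import EmailMessage

EMAIL_SERVER = "localhost"           # local Postfix relay authenticates to the real SMTP server
EMAIL_FROM = "wazuh@example.com"     # assumed sender address (placeholder)

def one_line(value, limit=120):
    """Collapse whitespace/CRLF so log-derived text cannot break mail headers."""
    return " ".join(str(value).split())[:limit]

def build_message(alert, recipient):
    rule = alert.get("rule", {})
    agent = alert.get("agent", {})
    msg = EmailMessage()
    msg["From"] = EMAIL_FROM
    msg["To"] = recipient
    msg["Subject"] = one_line(
        f"Wazuh level {rule.get('level', '?')}: {rule.get('description', 'no description')}")
    body = [
        f"Time:   {alert.get('timestamp', 'n/a')}",
        f"Agent:  {agent.get('name', 'n/a')} ({agent.get('id', 'n/a')})",
        f"Rule:   {rule.get('id', 'n/a')} (level {rule.get('level', '?')})",
        f"Groups: {', '.join(rule.get('groups', []))}",
        "",
        "Full log:",
        str(alert.get("full_log", "n/a")),
    ]
    msg.set_content("\n".join(body))
    return msg

def main(argv):
    # Assumed integratord argument order: alert file, api_key, hook_url
    with open(argv[1]) as fh:
        alert = json.load(fh)
    recipient = argv[3]              # <hook_url> carries the destination address
    with smtplib.SMTP(EMAIL_SERVER, 25, timeout=10) as smtp:
        smtp.send_message(build_message(alert, recipient))

if __name__ == "__main__":
    main(sys.argv)
```

Keeping the credentials in the relay's configuration means the integration script itself never has to store an SMTP password.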

