Sender email address in Wazuh (ossec.conf)
Prachi Katakwar
Hi Team,
GoodMorning!!
Has anyone got idea on the below query,
We are not getting email notification if we give this particular <email_from> in ossec.conf wa...@access.hubseka.ericsson.net, the strange thing is it is passing from our smtp server whenever the alert is generated but the email notification is not coming in our mailbox
Infact if we give <email_from> as wa...@access.hubseka.ericsson.nett( adding extra t in net, the email notification would come in our mailbox)
If I check the ERROR logs in ossec.logs, don’t think this is the reason
Also if I check error in var/log/messages , is this can be the reason of not getting email notification from the particular sender address as mentioned above?
Or is it something to do with our smtp server? Any guidelines…
BR
//Prachi
Harshal Paliwal
Also can you please share the /var/log/maillog file and the output of below command?
cat /var/ossec/logs/ossec.log | grep -i -E "error|warn"
Prachi Katakwar
Hi Harshal,
- /etc/postfix/sasl_passwd file
[mailhost]:25 wa...@access.hubseka.ericsson.net: Password of Mailhost
- Also can you please share the /var/log/maillog file and the output of below command?
Although I have installed postfix and I am able to verify it using Test , but even though the postfix is running or dead , I do get the email using ossec.conf may be because our smtp server and Wazuh server are in same domain and network segment. The only strange thing is we are not getting email from valid domain.I am focussing on the fact that is there any problem on our Wazuh node or smtp server node.
- cat /var/ossec/logs/ossec.log | grep -i -E "error|warn"
BR
//Prachi
From: 'Harshal Paliwal' via Wazuh | Mailing List <wa...@googlegroups.com>
Sent: 30 October 2023 11:30
To: Wazuh | Mailing List <wa...@googlegroups.com>
Subject: Re: Sender email address in Wazuh (ossec.conf)
Hi Team,
Thanks for using the Wazuh.
Can you please let me know what email you have provided in the /etc/postfix/sasl_passwd file?
Also can you please share the /var/log/maillog file and the output of below command?
cat /var/ossec/logs/ossec.log | grep -i -E "error|warn"
Reference:
NOTE: Please hide your confidential details before sharing the info.
Waiting for your response soon.
On Monday, October 30, 2023 at 12:44:16 PM UTC+5:30 Prachi Katakwar wrote:
Hi Team,
GoodMorning!!
Has anyone got idea on the below query,
We are not getting email notification if we give this particular <email_from> in ossec.conf wa...@access.hubseka.ericsson.net, the strange thing is it is passing from our smtp server whenever the alert is generated but the email notification is not coming in our mailbox
Infact if we give <email_from> as wa...@access.hubseka.ericsson.nett( adding extra t in net, the email notification would come in our mailbox)
If I check the ERROR logs in ossec.logs, don’t think this is the reason
Also if I check error in var/log/messages , is this can be the reason of not getting email notification from the particular sender address as mentioned above?
Or is it something to do with our smtp server? Any guidelines…
BR
//Prachi
--
You received this message because you are subscribed to the Google Groups "Wazuh | Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an email to
wazuh+un...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/wazuh/5a462d68-ccc3-4783-8a4b-c609665f03aen%40googlegroups.com.
Benjamin Nworah
Thank you for using Wazuh.
Please give me some time to work on this and revert .
Benjamin Nworah
Reading your previous comment, the configuration works by adding "t" to wa...@access.hubseka.ericsson.net. This could be an issue with your SMTP server.
Kindly send me the output of the below commands. You should obfuscate sensitive information.
1. cat /etc/postfix/sasl_passwd
2. less /var/ossec/etc/ossec.conf | grep -i -A 4 "email_notification"
3. less /var/ossec/logs/ossec.log | grep -i mail
Regards,
Prachi Katakwar
Hi Benjamin,
Yes, even I strongly think that it could be a issue with SMTP server. Our SMTP colleague is looking into our SMTP server.
At the moment, we skip this, incase of issues/concerns regarding the Wazuh node will contact you.
Thank you.
BR
//Prachi
From: 'Benjamin Nworah' via Wazuh | Mailing List <wa...@googlegroups.com>
Sent: 31 October 2023 11:54
To: Wazuh | Mailing List <wa...@googlegroups.com>
Subject: Re: Sender email address in Wazuh (ossec.conf)
Hello Prachi,
Reading your previous comment, the configuration works by adding "t" to
wa...@access.hubseka.ericsson.net. This could be an issue with your SMTP server.
Kindly send me the output of the below commands. You should obfuscate sensitive information.
1. cat /etc/postfix/sasl_passwd
2. less /var/ossec/etc/ossec.conf | grep -i -A 4 "email_notification"
3. less /var/ossec/logs/ossec.log | grep -i mail
Regards,
On Tuesday, October 31, 2023 at 10:16:03 AM UTC+1 Benjamin Nworah wrote:
Hello Prachi,
Thank you for using Wazuh.
Please give me some time to work on this and revert .
Regards,
On Tuesday, October 31, 2023 at 8:38:34 AM UTC+1 Prachi Katakwar wrote:
Hi Harshal,
- /etc/postfix/sasl_passwd file
[mailhost]:25 wa...@access.hubseka.ericsson.net: Password of Mailhost
- Also can you please share the /var/log/maillog file and the output of below command?
Although I have installed postfix and I am able to verify it using Test , but even though the postfix is running or dead , I do get the email using ossec.conf may be because our smtp server and Wazuh server are in same domain and network segment. The only strange thing is we are not getting email from valid domain.I am focussing on the fact that is there any problem on our Wazuh node or smtp server node.
- cat /var/ossec/logs/ossec.log | grep -i -E "error|warn"
BR
//Prachi
From: 'Harshal Paliwal' via Wazuh | Mailing List <wa...@googlegroups.com>
Sent: 30 October 2023 11:30
To: Wazuh | Mailing List <wa...@googlegroups.com>
Subject: Re: Sender email address in Wazuh (ossec.conf)
Hi Team,
Thanks for using the Wazuh.
Can you please let me know what email you have provided in the /etc/postfix/sasl_passwd file?
Also can you please share the /var/log/maillog file and the output of below command?
cat /var/ossec/logs/ossec.log | grep -i -E "error|warn"
Reference:
NOTE: Please hide your confidential details before sharing the info.
Waiting for your response soon.
On Monday, October 30, 2023 at 12:44:16 PM UTC+5:30 Prachi Katakwar wrote:
Hi Team,
GoodMorning!!
Has anyone got idea on the below query,
We are not getting email notification if we give this particular <email_from> in ossec.conf wa...@access.hubseka.ericsson.net, the strange thing is it is passing from our smtp server whenever the alert is generated but the email notification is not coming in our mailbox
Infact if we give <email_from> as wa...@access.hubseka.ericsson.nett( adding extra t in net, the email notification would come in our mailbox)
If I check the ERROR logs in ossec.logs, don’t think this is the reason
Also if I check error in var/log/messages , is this can be the reason of not getting email notification from the particular sender address as mentioned above?
Or is it something to do with our smtp server? Any guidelines…
BR
//Prachi
--
You received this message because you are subscribed to the Google Groups "Wazuh | Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/5a462d68-ccc3-4783-8a4b-c609665f03aen%40googlegroups.com.
--
You received this message because you are subscribed to the Google Groups "Wazuh | Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an email to
wazuh+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/aaad6fee-6c95-4d22-b6b8-ab8d71f2c407n%40googlegroups.com.