Can't receive mails for custom rules in wazuh
16 views
Skip to first unread message
Shreya Chakrabarty
Jun 1, 2026, 1:32:49 AM (6 days ago) Jun 1
to Wazuh | Mailing List
Hi team!
So I have created a custom rule in wazuh to detect SSL certificate expiration and to detect malware with Rule ids that start from 100001. While trying to test for malware using eicar test file (command successfully run), I am not able to receive the mail alerts. Not only this, the event can not been in my wazuh dashboard. I have already set up the postfix and it is working perfectly for the existing rules.
Md. Nazmur Sakib
Jun 1, 2026, 1:54:19 AM (6 days ago) Jun 1
to Wazuh | Mailing List
Hello Shreya,
I believe this is the reason you are not getting a mail alert for this specific rule.
Not only this, the event can not been in my wazuh dashboard.
For the mail alert, first, you need to make sure that this rule works and triggers alerts on the dashboard.
I suggest you review the custom rule you have written.
If you still face issues, can you share your rule so that I can have a look?
Also, share the logs from the ossec.log
cat /var/ossec/logs/ossec.log | grep -i -E "error|warn"
Also, if you can share any sample logs or any reference document you are following for the use case of this rule, it will be very helpful.
I will look forward to your update.
I believe this is the reason you are not getting a mail alert for this specific rule.
Not only this, the event can not been in my wazuh dashboard.
I suggest you review the custom rule you have written.
If you still face issues, can you share your rule so that I can have a look?
Also, share the logs from the ossec.log
cat /var/ossec/logs/ossec.log | grep -i -E "error|warn"
Also, if you can share any sample logs or any reference document you are following for the use case of this rule, it will be very helpful.
I will look forward to your update.
Reply all
Reply to author
Forward
0 new messages