Not receiving email alerts after adding hard drive capacity


Juan Ferdinan

Jun 9, 2022, 1:22:31 AM
to Wazuh mailing list
Hello Everyone

Previously my Wazuh server's hard drive was full, and now the capacity has been increased. The problem now is that I don't receive email alerts as usual. I've checked the configuration in ossec.conf and it's still the same as before; nothing has changed. Please help me solve my problem.

Thanks & Regards

Randy

Adrián Jesús Peña Rodríguez

Jun 9, 2022, 3:04:09 AM
to Wazuh mailing list

Hello Juan,

Before starting to check the status of Wazuh, we recommend that you restart the services:

service wazuh-manager restart

After restarting let’s check the status of Wazuh’s daemons:

service wazuh-manager status

The last step of these first checks is to review the ossec.conf file to check for errors that may clarify what is happening:

tail -n30 /var/ossec/logs/ossec.log | grep -i -E "error|warn"

I look forward to hearing from you. If you have any questions, please do not hesitate to ask.

Juan Ferdinan

Jun 9, 2022, 3:46:13 AM
to Wazuh mailing list
Hello Adrián

Here are the results

# service wazuh-manager restart
Restarting wazuh-manager (via systemctl):                  [  OK  ]
# service wazuh-manager status
wazuh-clusterd not running...
wazuh-modulesd is running...
wazuh-monitord is running...
wazuh-logcollector is running...
wazuh-remoted is running...
wazuh-syscheckd is running...
wazuh-analysisd is running...
wazuh-maild is running...
wazuh-execd is running...
wazuh-db is running...
wazuh-authd is running...
wazuh-agentlessd not running...
wazuh-integratord not running...
wazuh-dbd not running...
wazuh-csyslogd not running...
wazuh-apid is running...
# tail -n30 /var/ossec/logs/ossec.log | grep -i -E "error|warn"
2022/06/09 14:14:29 wazuh-logcollector: INFO: (1950): Analyzing file: '/var/log/nginx/error.log'.

Adrián Jesús Peña Rodríguez

Jun 9, 2022, 4:04:27 AM
to Wazuh mailing list

There seem to be no errors and maild is running. We need to confirm that the problem persists, in which case let’s check the logs for maild.

To do this let’s execute the following command:

cat /var/ossec/logs/ossec.log | grep -i "wazuh-maild"

In addition, if the error persists it might help to look at the maild configuration (suppressing email addresses) to see if we can replicate the error.

Juan Ferdinan

Jun 9, 2022, 4:25:23 AM
to Wazuh mailing list
How do I look at the maild configuration?

Adrián Jesús Peña Rodríguez

Jun 9, 2022, 4:45:31 AM
to Wazuh mailing list

The configuration related to email alerts is in the global section of the ossec.conf file as indicated here: https://documentation.wazuh.com/current/user-manual/manager/manual-email-report/#generic-email-options

If the value of email_notification is yes and there are no errors in the ossec.log file then there should be no problem and everything will work as expected.

Another thing you can check is the value of email_alert_level in the alerts section, by default this value is 12, which means that you will only receive email alerts for levels equal or higher than 12. It is possible that no alerts are currently being generated for these levels.
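
The two settings named in this reply can be read out of ossec.conf programmatically. The following is an added example, not part of the thread and not Wazuh's own code; the sample configuration is constructed, and the helper names `email_settings` and `findings` are hypothetical. It wraps the file in a synthetic root because an ossec.conf may contain more than one `<ossec_config>` block, and it reports conflicting values rather than guessing which one applies.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not the poster's configuration. An ossec.conf may hold
# several <ossec_config> blocks, so it is not a single-root XML document.
SAMPLE_CONF = """
<ossec_config>
  <global>
    <email_notification>yes</email_notification>
    <email_log_source>alerts.log</email_log_source>
  </global>
  <alerts>
    <log_alert_level>3</log_alert_level>
    <email_alert_level>12</email_alert_level>
  </alerts>
</ossec_config>
<ossec_config>
  <global>
    <email_notification>no</email_notification>
  </global>
</ossec_config>
"""

WATCHED = ("global/email_notification", "global/email_log_source",
           "alerts/email_alert_level")

def email_settings(conf_text):
    """Collect every value of the watched options across all blocks."""
    root = ET.fromstring("<root>" + conf_text + "</root>")  # synthetic root
    return {path: [el.text.strip()
                   for el in root.findall("ossec_config/" + path)
                   if el.text and el.text.strip()]
            for path in WATCHED}

def findings(settings):
    """Turn the collected values into review notes for the operator."""
    notes = [f"{path}: conflicting values {values}"
             for path, values in settings.items() if len(set(values)) > 1]
    if "yes" not in settings["global/email_notification"]:
        notes.append("email_notification is never set to yes")
    # Default of 12 is the value stated in the reply above.
    levels = [int(v) for v in settings["alerts/email_alert_level"]] or [12]
    for level in sorted(set(levels)):
        notes.append(f"mail is sent only for alerts of level >= {level}")
    return notes

if __name__ == "__main__":
    for note in findings(email_settings(SAMPLE_CONF)):
        print(note)
```
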

Juan Ferdinan

Jun 9, 2022, 10:07:37 PM
to Wazuh mailing list
After I execute the following command
cat /var/ossec/logs/ossec.log | grep -i "wazuh-maild"
I get an error message like the one below

# cat /var/ossec/logs/ossec.log | grep -i "wazuh-maild"
2022/06/10 05:31:41 wazuh-maild: ERROR: date or location not NULL
2022/06/10 05:35:41 wazuh-maild: ERROR: date or location not NULL
2022/06/10 05:38:31 wazuh-maild: ERROR: date or location not NULL
2022/06/10 05:39:21 wazuh-maild: ERROR: date or location not NULL
2022/06/10 05:42:12 wazuh-maild: ERROR: date or location not NULL
2022/06/10 05:42:42 wazuh-maild: ERROR: date or location not NULL
2022/06/10 05:43:32 wazuh-maild: ERROR: date or location not NULL
2022/06/10 05:44:02 wazuh-maild: ERROR: date or location not NULL or p is NULL
2022/06/10 05:46:02 wazuh-maild: ERROR: date or location not NULL
2022/06/10 05:46:12 wazuh-maild: ERROR: date or location not NULL
2022/06/10 05:47:22 wazuh-maild: ERROR: date or location not NULL
2022/06/10 05:47:32 wazuh-maild: ERROR: date or location not NULL
2022/06/10 06:54:21 wazuh-maild: ERROR: date or location not NULL
2022/06/10 06:54:41 wazuh-maild: ERROR: date or location not NULL
2022/06/10 07:05:42 wazuh-maild: ERROR: date or location not NULL
2022/06/10 07:05:52 wazuh-maild: ERROR: date or location not NULL
2022/06/10 07:06:32 wazuh-maild: ERROR: date or location not NULL
2022/06/10 07:08:02 wazuh-maild: ERROR: date or location not NULL or p is NULL
2022/06/10 08:35:42 wazuh-maild: ERROR: date or location not NULL
2022/06/10 08:35:52 wazuh-maild: ERROR: date or location not NULL
2022/06/10 08:36:12 wazuh-maild: ERROR: date or location not NULL
2022/06/10 08:40:22 wazuh-maild: ERROR: date or location not NULL
2022/06/10 08:40:32 wazuh-maild: ERROR: date or location not NULL
2022/06/10 08:43:02 wazuh-maild: ERROR: date or location not NULL
2022/06/10 08:43:12 wazuh-maild: ERROR: date or location not NULL
2022/06/10 08:43:42 wazuh-maild: ERROR: date or location not NULL
2022/06/10 08:44:32 wazuh-maild: ERROR: date or location not NULL
2022/06/10 08:44:52 wazuh-maild: ERROR: date or location not NULL
2022/06/10 08:45:02 wazuh-maild: ERROR: date or location not NULL
2022/06/10 08:47:12 wazuh-maild: ERROR: date or location not NULL
2022/06/10 08:48:23 wazuh-maild: ERROR: date or location not NULL
2022/06/10 08:48:33 wazuh-maild: ERROR: date or location not NULL
2022/06/10 08:48:43 wazuh-maild: ERROR: date or location not NULL
2022/06/10 08:52:13 wazuh-maild: ERROR: date or location not NULL
2022/06/10 08:52:33 wazuh-maild: ERROR: date or location not NULL
2022/06/10 08:54:53 wazuh-maild: ERROR: date or location not NULL
2022/06/10 08:57:36 wazuh-maild: INFO: (1225): SIGNAL [(15)-(Terminated)] Received. Exit Cleaning...
2022/06/10 08:57:51 wazuh-maild: INFO: Started (pid: 20074).
2022/06/10 08:57:51 wazuh-maild: INFO: Getting alerts in log format.
2022/06/10 08:58:20 wazuh-maild: INFO: (1225): SIGNAL [(15)-(Terminated)] Received. Exit Cleaning...
2022/06/10 08:58:31 wazuh-maild: INFO: Started (pid: 21082).
2022/06/10 08:58:31 wazuh-maild: INFO: Getting alerts in log format.

I have followed the configuration based on the link you provided https://documentation.wazuh.com/current/user-manual/manager/manual-email-report/#generic-email-options and I've also restarted the service, but the result is still the same: I don't receive email alerts.

Juan Ferdinan

Jun 9, 2022, 10:16:52 PM
to Wazuh mailing list
One more thing: I have also set the value of email_alert_level in the alerts section to level 1.

Adrián Jesús Peña Rodríguez

Jun 10, 2022, 3:25:03 AM
to Wazuh mailing list

Hi Juan,

I have been reviewing this error and have found a possible solution. Let’s try modifying the following line in the ossec.conf file:

<email_log_source>alerts.log</email_log_source>

to:

<email_log_source>alerts.json</email_log_source>

After this change has been made, we will restart:

service wazuh-manager restart

If the error persists after changing the alerts to .json format, try removing that line from the configuration.

This error should be fixed in the latest versions of Wazuh. I hope this solves the problem; otherwise I look forward to your response to further investigate the error, knowing the version of Wazuh you use.

More information:

Juan Ferdinan

Jun 13, 2022, 11:11:09 PM
to Wazuh mailing list
Hello Adrián Jesús Peña Rodríguez,
Sorry, I just replied to your answer.

I have tried the last solution you gave but there is still no change. Then I tried to follow the method in the following link https://documentation.wazuh.com/current/user-manual/manager/manual-email-report/smtp-authentication.html#smtp-authentication but there was still no change. Then I tried to check the postfix status and I got the following error:

# systemctl status postfix -l
● postfix.service - Postfix Mail Transport Agent
   Loaded: loaded (/usr/lib/systemd/system/postfix.service; enabled; vendor preset: disabled)
   Active: active (running) since Thu 2022-06-09 15:04:44 WIB; 4 days ago
  Process: 11471 ExecStop=/usr/sbin/postfix stop (code=exited, status=0/SUCCESS)
  Process: 29304 ExecReload=/usr/sbin/postfix reload (code=exited, status=0/SUCCESS)
  Process: 11488 ExecStart=/usr/sbin/postfix start (code=exited, status=0/SUCCESS)
  Process: 11485 ExecStartPre=/usr/libexec/postfix/chroot-update (code=exited, status=0/SUCCESS)
  Process: 11482 ExecStartPre=/usr/libexec/postfix/aliasesdb (code=exited, status=0/SUCCESS)
 Main PID: 11560 (master)
   CGroup: /system.slice/postfix.service
           ├─11560 /usr/libexec/postfix/master -w
           ├─29317 pickup -l -t unix -u
           ├─29318 qmgr -l -t unix -u
           ├─29319 trivial-rewrite -n rewrite -t unix -u
           ├─29320 smtp -t unix -u
           ├─29321 tlsmgr -l -t unix -u
           ├─29322 smtp -t unix -u
           ├─29323 smtp -t unix -u
           ├─29324 smtp -t unix -u
           ├─29325 smtp -t unix -u
           ├─29327 bounce -z -n defer -t unix -u
           ├─29328 bounce -z -n defer -t unix -u
           ├─29329 error -n retry -t unix -u
           ├─29330 error -n retry -t unix -u
           ├─29331 error -n retry -t unix -u
           ├─29332 bounce -z -n defer -t unix -u
           ├─29333 error -n retry -t unix -u
           ├─29334 error -n retry -t unix -u
           ├─29335 error -n retry -t unix -u
           ├─29336 error -n retry -t unix -u
           ├─29337 bounce -z -n defer -t unix -u
           ├─29338 bounce -z -n defer -t unix -u
           ├─29339 error -n retry -t unix -u
           ├─29340 error -n retry -t unix -u
           ├─29341 bounce -z -n defer -t unix -u
           ├─29342 bounce -z -n defer -t unix -u
           └─29343 error -n retry -t unix -u

Jun 14 09:52:03 elk-soc postfix/error[29333]: C44B2A796038: to=<x...@example.com>, relay=none, delay=411864, delays=411863/1.8/0/0, dsn=4.7.8, status=deferred (delivery temporarily suspended: SASL authentication failed; server smtp.gmail.com[74.125.130.108] said: 535-5.7.8 Username and Password not accepted. Learn more at?535 5.7.8  https://support.google.com/mail/?p=BadCredentials l20-20020a17090af8d400b001e02073474csm8205512pjd.36 - gsmtp)
Jun 14 09:52:03 elk-soc postfix/error[29329]: C56F360C48C7: to=<x...@example.com>, relay=none, delay=348776, delays=348775/1.8/0/0.01, dsn=4.7.8, status=deferred (delivery temporarily suspended: SASL authentication failed; server smtp.gmail.com[74.125.130.108] said: 535-5.7.8 Username and Password not accepted. Learn more at?535 5.7.8  https://support.google.com/mail/?p=BadCredentials l20-20020a17090af8d400b001e02073474csm8205512pjd.36 - gsmtp)
Jun 14 09:52:03 elk-soc postfix/error[29333]: D1D388000286: to=<x...@example.com>, relay=none, delay=411924, delays=411923/1.8/0/0, dsn=4.7.8, status=deferred (delivery temporarily suspended: SASL authentication failed; server smtp.gmail.com[74.125.130.108] said: 535-5.7.8 Username and Password not accepted. Learn more at?535 5.7.8  https://support.google.com/mail/?p=BadCredentials l20-20020a17090af8d400b001e02073474csm8205512pjd.36 - gsmtp)
Jun 14 09:52:03 elk-soc postfix/error[29329]: D5FDB8000289: to=<x...@example.com>, relay=none, delay=411924, delays=411923/1.8/0/0, dsn=4.7.8, status=deferred (delivery temporarily suspended: SASL authentication failed; server smtp.gmail.com[74.125.130.108] said: 535-5.7.8 Username and Password not accepted. Learn more at?535 5.7.8  https://support.google.com/mail/?p=BadCredentials l20-20020a17090af8d400b001e02073474csm8205512pjd.36 - gsmtp)
Jun 14 09:52:03 elk-soc postfix/error[29330]: D3E998000287: to=<x...@example.com>, relay=none, delay=411924, delays=411923/1.8/0/0, dsn=4.7.8, status=deferred (delivery temporarily suspended: SASL authentication failed; server smtp.gmail.com[74.125.130.108] said: 535-5.7.8 Username and Password not accepted. Learn more at?535 5.7.8  https://support.google.com/mail/?p=BadCredentials l20-20020a17090af8d400b001e02073474csm8205512pjd.36 - gsmtp)
Jun 14 09:52:03 elk-soc postfix/error[29340]: C6B52A000046: to=<x...@example.com>, relay=none, delay=348776, delays=348775/1.8/0/0.02, dsn=4.7.8, status=deferred (delivery temporarily suspended: SASL authentication failed; server smtp.gmail.com[74.125.130.108] said: 535-5.7.8 Username and Password not accepted. Learn more at?535 5.7.8  https://support.google.com/mail/?p=BadCredentials l20-20020a17090af8d400b001e02073474csm8205512pjd.36 - gsmtp)

Does this have anything to do with the error I'm experiencing? As additional information, previously I did not make any settings in this section and everything went smoothly, until in the end an error occurred when I added the hard drive capacity on the server.

Juan Ferdinan

Jun 13, 2022, 11:14:00 PM
to Wazuh mailing list
Sorry, one more piece of information was left out: I am using the Wazuh version shown in Screen Shot 2022-06-14 at 10.13.20.png

Adrián Jesús Peña Rodríguez

Jun 14, 2022, 3:20:57 AM
to Wazuh mailing list

Hello Juan,

It is possible that the change is related to the email account used. This error:

Jun 14 09:52:03 elk-soc postfix/error[29329]: C56F360C48C7: to=<x...@example.com>, relay=none, delay=348776, delays=348775/1.8/0/0.01, dsn=4.7.8, status=deferred (delivery temporarily suspended: SASL authentication failed; server smtp.gmail.com[74.125.130.108] said: 535-5.7.8 Username and Password not accepted. Learn more at?535 5.7.8  https://support.google.com/mail/?p=BadCredentials l20-20020a17090af8d400b001e02073474csm8205512pjd.36 - gsmtp)

This is because the Google account being used does not have the “less secure apps” option enabled. In order to authenticate through Postfix, the “less secure apps” option must be enabled for accounts that do not have two-factor authentication enabled: https://myaccount.google.com/lesssecureapps.

In case you do have two-factor authentication enabled you will need to create an application password, to do this you can follow these steps: https://support.google.com/accounts/answer/185833

Once you have done this and changed the settings (if you have created an application password), Postfix should be able to authenticate correctly.

Finally, I recommend you to update Wazuh to the latest stable version 4.3.4: https://documentation.wazuh.com/current/upgrade-guide/index.html
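
The postfix/error lines discussed in this reply carry enough fields to tell how long alert mail has been stuck: `delay` is the message's age in seconds and a `dsn` beginning with 4 marks a temporary failure that Postfix keeps retrying. The following is an added example, not part of the thread and not Postfix or Wazuh code; the log lines are constructed in the same format, and `stuck_mail` and `alerting_stalled` are hypothetical helper names.

```python
import re
from collections import defaultdict

# Constructed lines in the format of the postfix/error entries quoted above
# (queue IDs, host names and addresses are made up).
SAMPLE_LOG = """\
Jun 14 09:52:03 mx1 postfix/error[101]: AAAA00000001: to=<soc@example.com>, relay=none, delay=411864, delays=411863/1.8/0/0, dsn=4.7.8, status=deferred (delivery temporarily suspended: SASL authentication failed; server smtp.example.net[192.0.2.25] said: 535-5.7.8 Username and Password not accepted.)
Jun 14 09:52:03 mx1 postfix/error[102]: AAAA00000002: to=<soc@example.com>, relay=none, delay=348776, delays=348775/1.8/0/0.01, dsn=4.7.8, status=deferred (delivery temporarily suspended: SASL authentication failed; server smtp.example.net[192.0.2.25] said: 535-5.7.8 Username and Password not accepted.)
Jun 14 09:52:04 mx1 postfix/smtp[103]: AAAA00000003: to=<ops@example.com>, relay=smtp.example.net[192.0.2.25]:587, delay=0.9, delays=0.1/0/0.5/0.3, dsn=2.0.0, status=sent (250 2.0.0 OK)
"""

LINE = re.compile(
    r"postfix/\w+\[\d+\]: (?P<qid>[0-9A-F]+): to=<(?P<rcpt>[^>]*)>, "
    r".*?delay=(?P<delay>[\d.]+), .*?dsn=(?P<dsn>[\d.]+), "
    r"status=(?P<status>\w+) \((?P<reason>.*)\)$")

def stuck_mail(log_text):
    """Group undelivered messages by (dsn, cause): count and oldest age in days."""
    groups = defaultdict(lambda: {"count": 0, "oldest_days": 0.0})
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m or m["status"] == "sent":
            continue  # delivered mail and unrelated lines are ignored
        cause = ("sasl-auth" if "SASL authentication failed" in m["reason"]
                 else "other")
        group = groups[(m["dsn"], cause)]
        group["count"] += 1
        age_days = round(float(m["delay"]) / 86400, 1)  # delay is in seconds
        group["oldest_days"] = max(group["oldest_days"], age_days)
    return dict(groups)

def alerting_stalled(groups, max_age_days=1.0):
    """True when any undelivered message is older than the chosen threshold."""
    return any(g["oldest_days"] > max_age_days for g in groups.values())

if __name__ == "__main__":
    result = stuck_mail(SAMPLE_LOG)
    for (dsn, cause), info in result.items():
        print(dsn, cause, info)
    print("alert channel stalled:", alerting_stalled(result))
```

Run on a schedule against the mail log, a check like this turns a silent loss of alert email into a visible condition instead of something noticed days later.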

Juan Ferdinan

Jun 14, 2022, 4:30:26 AM
to Wazuh mailing list
Hi Adrián Jesús Peña Rodríguez

After I followed the instructions from this link https://support.google.com/accounts/answer/185833 now I can receive the daily report by email.
Thank you for your support and your patience, you have done a great job.

Regards
Juan
