Wazuh Alert Notification Issue — Emails Not Received for Multiple Alerts

110 views
Skip to first unread message

kali Linux

unread,
Oct 8, 2025, 2:50:02 AM10/8/25
to Wazuh | Mailing List
Good afternoon , all

I’m facing an issue with Wazuh alert notifications. It seems that email alerts are not being received for multiple alerts generated by the Wazuh manager.

I’ve already verified that the alerts are visible in the Wazuh dashboard, but the corresponding email notifications are not reaching the configured recipient addresses.

Screenshot From 2025-10-08 12-04-15.png

Could you please help check if there’s an issue with the Wazuh email alert configuration or the mail service integration?
If required, I can share the /var/ossec/logs/ossec.log or the alert configuration details for review.

Thank you,
SAI
ISS Technologies.

Bony V John

unread,
Oct 8, 2025, 3:04:05 AM10/8/25
to Wazuh | Mailing List
Hi,

Please allow me some time, I’m working on this and will get back to you with an update as soon as possible.  

Bony V John

unread,
Oct 8, 2025, 4:38:47 AM10/8/25
to Wazuh | Mailing List
Hi,

Based on your input, I have replicated the same use case on my end, and it is working fine for me.
For my testing, I used localhost as the SMTP server along with a Gmail account.

From your shared configuration, it seems that you are using the Office 365 mail server, but the configuration appears to be incorrect.
Please update your sender configuration as shown below:


Field              Value
Name            outlook-sender
From email  youra...@domain.com
Host              smtp.office365.com 
Port               587
Encryption    For testing, change to None.

Additional Steps:
  • Make sure you have followed the configuration steps mentioned in the Wazuh SMTP server documentation, adjusting the setup based on your mail server and email account.
  • After configuring, run the following command to verify if the SMTP settings are working properly:
echo "Test mail from postfix" | mail -s "Test Postfix" -r "<CONFIGURED_EMAIL>" <RECEIVER_EMAIL>

  • If you don’t receive the test email, check the mail log on your Wazuh Manager:
cat /var/log/maillog

Review the logs for any errors such as mail sending failed or message in queue.
If such logs are present, please share them along with your /etc/postfix/main.cf configuration file for further analysis.  

If SMTP Works Successfully

If you receive the test email, it confirms that the SMTP server configuration is correct.
Next, verify your notification channel configuration on the Wazuh Dashboard:

  1. Go to Notifications > Channels.

  2. Select the channel you created.

  3. On the top-right corner, click Actions > Send test message to confirm the configuration.

You can also refer to the Wazuh Integrations repository for more details about notification configurations.

Reply all
Reply to author
Forward
0 new messages