I think my issue is my server's mail (postfix) configuration.  I can send 
an email from the command line like so:

$ sendmail -f root@localhost my.em...@company.com
This is a test.
.

I can see it get sent in /var/log/mail.log.  I get it (in my spam folder, 
but it's a start).

I added these settings to /var/ossec/etc/ossec.conf

  <global>
    <email_notification>yes</email_notification>
    <email_to>my.em...@company.com</email_to>
    <smtp_server>localhost</smtp_server>
    <email_from>root@localhost</email_from>
  </global>

Then:

sudo /var/ossec/bin/ossec-control stop

sudo /var/ossec/bin/ossec-control start
sudo tail -F /var/ossec/logs/ossec.log

It starts up fine - I can see a couple dozen new messages in the log (see 
the end of this email).  But there is no email, and no record of even an 
email attempt in /var/log/mail.log

I'm guessing that ossec doesn't send mail the same way I do when I test 
sendmail from the command line, but I don't know what it *does* do.

Then I tried:
$ whereis sendmail
sendmail: /usr/sbin/sendmail /usr/lib/sendmail 
/usr/share/man/man1/sendmail.1.gz
$ ls -l /usr/sbin/sendmail
-rwxr-xr-x 1 root root 26776 Oct 11  2018 /usr/sbin/sendmail

And changed
    <smtp_server>localhost</smtp_server>
to
    <smtp_server>/usr/sbin/sendmail</smtp_server>

Stopped and started ossec-control: still no email.  Still no errors about 
emails.  Here is /var/ossec/logs/ossec.log from the latest attempt

2020/03/30 12:24:19 ossec-execd: INFO: Started (pid: 5337).
2020/03/30 12:24:19 ossec-agentd: INFO: Using notify time: 600 and max time 
to reconnect: 1800
2020/03/30 12:24:19 going daemon
2020/03/30 12:24:19 starting imsg stuff
2020/03/30 12:24:19 Creating socketpair()
2020/03/30 12:24:19 agentd imsg_init()
2020/03/30 12:24:19 os_dns imsg_init()
2020/03/30 12:24:19 ossec-agentd(1410): INFO: Reading authentication keys 
file.
2020/03/30 12:24:19 ossec-agentd: INFO: No previous counter available for 
'server1'.
2020/03/30 12:24:19 ossec-agentd: INFO: Assigning counter for agent 
server1: '0:0'.
2020/03/30 12:24:19 ossec-agentd: INFO: Assigning sender counter: 0:659
2020/03/30 12:24:19 rootcheck: System audit file not configured.
2020/03/30 12:24:19 ossec-agentd: INFO: Started (pid: 5341).
2020/03/30 12:24:19 ossec-agentd: INFO: Server 1: 172.24.16.158
2020/03/30 12:24:19 ossec-agentd: INFO: Trying to connect to server 
172.24.16.158, port 1514.
2020/03/30 12:24:19 INFO: Connected to 172.24.16.158 at address 
172.24.16.158, port 1514
2020/03/30 12:24:19 ossec-agentd: DEBUG: agt->sock: 11
2020/03/30 12:24:23 ossec-syscheckd: INFO: Started (pid: 5350).
2020/03/30 12:24:23 ossec-rootcheck: INFO: Started (pid: 5350).
2020/03/30 12:24:23 ossec-syscheckd: INFO: Monitoring directory: '/etc', 
with options perm | size | owner | group | md5sum | sha1sum.
2020/03/30 12:24:23 ossec-syscheckd: INFO: Monitoring directory: 
'/usr/bin', with options perm | size | owner | group | md5sum | sha1sum.
2020/03/30 12:24:23 ossec-syscheckd: INFO: Monitoring directory: 
'/usr/sbin', with options perm | size | owner | group | md5sum | sha1sum.
2020/03/30 12:24:23 ossec-syscheckd: INFO: Monitoring directory: '/bin', 
with options perm | size | owner | group | md5sum | sha1sum.
2020/03/30 12:24:23 ossec-syscheckd: INFO: Monitoring directory: '/sbin', 
with options perm | size | owner | group | md5sum | sha1sum.
2020/03/30 12:24:23 ossec-syscheckd: INFO: Monitoring directory: '/boot', 
with options perm | size | owner | group | md5sum | sha1sum.
2020/03/30 12:24:23 ossec-syscheckd: INFO: ignoring: '/etc/mtab'
2020/03/30 12:24:23 ossec-syscheckd: INFO: ignoring: '/etc/hosts.deny'
2020/03/30 12:24:23 ossec-syscheckd: INFO: ignoring: '/etc/mail/statistics'
2020/03/30 12:24:23 ossec-syscheckd: INFO: ignoring: '/etc/random-seed'
2020/03/30 12:24:23 ossec-syscheckd: INFO: ignoring: '/etc/random.seed'
2020/03/30 12:24:23 ossec-syscheckd: INFO: ignoring: '/etc/adjtime'
2020/03/30 12:24:23 ossec-syscheckd: INFO: ignoring: '/etc/httpd/logs'
2020/03/30 12:24:23 ossec-syscheckd: INFO: No diff for file: 
'/etc/ssl/private.key'
2020/03/30 12:24:25 ossec-logcollector(1103): ERROR: Could not open file 
'/var/log/messages' due to [(2)-(No such file or directory)].
2020/03/30 12:24:25 ossec-logcollector(1950): INFO: Analyzing file: 
'/var/log/messages'.
2020/03/30 12:24:25 ossec-logcollector(1103): ERROR: Could not open file 
'/var/log/authlog' due to [(2)-(No such file or directory)].
2020/03/30 12:24:25 ossec-logcollector(1950): INFO: Analyzing file: 
'/var/log/authlog'.
2020/03/30 12:24:25 ossec-logcollector(1950): INFO: Analyzing file: 
'/var/log/auth.log'.
2020/03/30 12:24:25 ossec-logcollector(1103): ERROR: Could not open file 
'/var/log/secure' due to [(2)-(No such file or directory)].
2020/03/30 12:24:25 ossec-logcollector(1950): INFO: Analyzing file: 
'/var/log/secure'.
2020/03/30 12:24:25 ossec-logcollector(1103): ERROR: Could not open file 
'/var/log/xferlog' due to [(2)-(No such file or directory)].
2020/03/30 12:24:25 ossec-logcollector(1950): INFO: Analyzing file: 
'/var/log/xferlog'.
2020/03/30 12:24:25 ossec-logcollector(1103): ERROR: Could not open file 
'/var/log/maillog' due to [(2)-(No such file or directory)].
2020/03/30 12:24:25 ossec-logcollector(1950): INFO: Analyzing file: 
'/var/log/maillog'.
2020/03/30 12:24:25 ossec-logcollector(1103): ERROR: Could not open file 
'/var/www/logs/access_log' due to [(2)-(No such file or directory)].
2020/03/30 12:24:25 ossec-logcollector(1950): INFO: Analyzing file: 
'/var/www/logs/access_log'.
2020/03/30 12:24:25 ossec-logcollector(1103): ERROR: Could not open file 
'/var/www/logs/error_log' due to [(2)-(No such file or directory)].
2020/03/30 12:24:25 ossec-logcollector(1950): INFO: Analyzing file: 
'/var/www/logs/error_log'.
2020/03/30 12:24:25 ossec-logcollector: INFO: Started (pid: 5346).
2020/03/30 12:24:27 ossec-logcollector: WARN: Process locked. Waiting for 
permission...
2020/03/30 12:24:40 ossec-agentd(4101): WARN: Waiting for server reply (not 
started). Tried: '172.24.16.158'.
2020/03/30 12:24:42 ossec-agentd: INFO: Trying to connect to server 
172.24.16.158, port 1514.
2020/03/30 12:24:42 INFO: Connected to 172.24.16.158 at address 
172.24.16.158, port 1514
2020/03/30 12:24:42 ossec-agentd: DEBUG: agt->sock: 15
2020/03/30 12:25:03 ossec-agentd(4101): WARN: Waiting for server reply (not 
started). Tried: '172.24.16.158'.
2020/03/30 12:25:23 ossec-agentd: INFO: Trying to connect to server 
172.24.16.158, port 1514.
2020/03/30 12:25:23 INFO: Connected to 172.24.16.158 at address 
172.24.16.158, port 1514
2020/03/30 12:25:23 ossec-agentd: DEBUG: agt->sock: 18


You received this message because you are subscribed to the Google Groups 
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ossec-list+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ossec-list/b43e9560-2236-4aaf-bad0-47ef91120f0a%40googlegroups.com.
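
Editor's note with an added example (not code from the post or from the OSSEC project). The poster asks what OSSEC "does" when it sends mail: the daemon responsible, ossec-maild, does not shell out to /usr/sbin/sendmail the way the command-line test above does; it opens a TCP connection to the host named in <smtp_server> on port 25 and speaks SMTP itself (HELO, MAIL FROM, RCPT TO, DATA, QUIT). ossec-maild is also only started by ossec-control on a server or local installation; the daemons in the log above (ossec-execd, ossec-agentd, ossec-syscheckd, ossec-logcollector) are the agent set, which never sends mail. The script below replays the same SMTP exchange against the MTA, so a successful run produces the postfix entry in /var/log/mail.log that an ossec-maild delivery would, and a rejection (relay denied, no listener on :25) is reported at the exact step where it happens. The HELO name, the recipient address and the subject are assumptions, not values from the post; the canned replies are constructed for offline use and are not real server output.

```python
"""Added example: reproduce the SMTP exchange that ossec-maild performs.

ossec-maild connects to <smtp_server> on TCP port 25 and drives a plain
SMTP session; it does not invoke the sendmail binary.  Running the same
session by hand shows whether the local MTA would accept an OSSEC alert.
"""
import io
import socket
from typing import IO, List, Optional, Tuple

HELO_NAME = "ossec-probe.example"      # assumed; ossec-maild uses its own fixed name
MAIL_FROM = "root@localhost"           # <email_from> from the post
RCPT_TO = "alerts@example.com"         # assumed stand-in for the post's <email_to>


class SmtpError(RuntimeError):
    """Raised when the MTA answers a step with an unexpected reply code."""


def read_reply(rfile: IO[bytes]) -> Tuple[int, List[str]]:
    """Read one SMTP reply, including multi-line '250-...' continuations."""
    lines: List[str] = []
    while True:
        raw = rfile.readline()
        if not raw:
            raise SmtpError("MTA closed the connection")
        text = raw.decode("ascii", "replace").rstrip("\r\n")
        lines.append(text)
        if len(text) < 4 or text[3] != "-":   # final line: space (or nothing) after the code
            return int(text[:3]), lines


def dot_stuff(body: str) -> str:
    """Escape lines that start with '.', so the body cannot end the DATA phase early."""
    return "\r\n".join(("." + ln) if ln.startswith(".") else ln for ln in body.splitlines())


def smtp_deliver(rfile: IO[bytes], wfile: IO[bytes], mail_from: str = MAIL_FROM,
                 rcpt_to: str = RCPT_TO, subject: str = "OSSEC probe",
                 body: str = "This is a test.") -> List[Tuple[str, int]]:
    """Run the full exchange; return [(step, reply_code), ...] or raise SmtpError."""
    transcript: List[Tuple[str, int]] = []

    def step(name: str, payload: Optional[bytes], ok: set) -> None:
        if payload is not None:
            wfile.write(payload)
            wfile.flush()
        code, lines = read_reply(rfile)
        transcript.append((name, code))
        if code not in ok:
            raise SmtpError(f"{name}: {lines[-1]}")

    step("greeting", None, {220})
    step("HELO", f"HELO {HELO_NAME}\r\n".encode(), {250})
    step("MAIL FROM", f"MAIL FROM:<{mail_from}>\r\n".encode(), {250})
    step("RCPT TO", f"RCPT TO:<{rcpt_to}>\r\n".encode(), {250, 251})
    step("DATA", b"DATA\r\n", {354})
    message = (f"From: {mail_from}\r\nTo: {rcpt_to}\r\nSubject: {subject}\r\n\r\n"
               f"{dot_stuff(body)}\r\n.\r\n")
    step("message", message.encode(), {250})
    step("QUIT", b"QUIT\r\n", {221})
    return transcript


def probe(host: str = "localhost", port: int = 25, **kw) -> List[Tuple[str, int]]:
    """Talk to a real MTA the way ossec-maild does: port 25, unauthenticated SMTP."""
    with socket.create_connection((host, port), timeout=10) as sock:
        with sock.makefile("rb") as rfile, sock.makefile("wb") as wfile:
            return smtp_deliver(rfile, wfile, **kw)


# Constructed replies (not real server output) so the exchange can run offline.
CANNED_ACCEPT = (b"220 mail.example ESMTP Postfix\r\n"
                 b"250 mail.example\r\n"
                 b"250 2.1.0 Ok\r\n"
                 b"250 2.1.5 Ok\r\n"
                 b"354 End data with <CR><LF>.<CR><LF>\r\n"
                 b"250 2.0.0 Ok: queued as 0123456789\r\n"
                 b"221 2.0.0 Bye\r\n")
CANNED_RELAY_DENIED = (b"220 mail.example ESMTP Postfix\r\n"
                       b"250 mail.example\r\n"
                       b"250 2.1.0 Ok\r\n"
                       b"554 5.7.1 <alerts@example.com>: Relay access denied\r\n")


def run_canned(replies: bytes, **kw) -> Tuple[List[Tuple[str, int]], bytes]:
    """Drive smtp_deliver against canned replies; return (transcript, bytes sent by the client)."""
    rfile, wfile = io.BytesIO(replies), io.BytesIO()
    transcript = smtp_deliver(rfile, wfile, **kw)
    return transcript, wfile.getvalue()


if __name__ == "__main__":
    for name, code in probe():        # against the real MTA on localhost:25
        print(f"{name:<10} {code}")
```

Run it on the OSSEC host: if it fails at "greeting" the MTA is not listening on port 25 (postfix may be bound to the loopback only, or not running); if it fails at "RCPT TO" with a 5xx, postfix is refusing to relay for the address, which a local sendmail invocation never exercises. If every step succeeds and mail.log shows the queued message, the MTA side is fine and the remaining question is whether ossec-maild is running at all.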