[ossec-list] Re: New to ossec

Thu, 06 Jul 2006 12:20:44 -0700


Ok, I'm a rock.  I figured out what the issue was.  When I reinstalled this morning, it self discovered the mail server, problem with that mail server is doesn't allow relaying so that's why I didn't get the messages once it changed to that mail server it stopped.  I looked at the logs and seen Mail delivery errors and figured it out from there.  Thanks Sorry for the error.

P.S

Great tool - Really nice job.

Tommy Gast
NCI Security
312-583-3619


"Daniel Cid" <[EMAIL PROTECTED]>
Sent by: [email protected]

07/06/2006 02:01 PM

Please respond to
[email protected]
To
[email protected], Bubbacheese <[EMAIL PROTECTED]>
cc
Subject
[ossec-list] Re: New to ossec






Did you restart ossec after adding the log entry for snort? Can you show
us the output of:

cat /var/ossec/etc/ossec.conf
cat /var/ossec/logs/ossec.log

In addition to that, do you see the alerts showing up on the
/var/ossec/logs/alerts directory or they do not show up only in
the e-mail alerts?

Thanks,

--
Daniel B. Cid
dcid ( at ) ossec.net


On 7/6/06, Bubbacheese <[EMAIL PROTECTED]> wrote:
>
> I've just downloaded and played around with OSSEC (Which is Great) and
> I'm trying to get my snort alerts sent to me via email.  But it doesn't
> seem to be working.  This is what I've added to the ossec.conf file.
>
>   <localfile>
>     <log_format>snort-full</log_format>
>     <location>/var/log/snort/alert</location>
>   </localfile>
>
> and this is the snort command line I use.
>
> snort -c /etc/snort/snort.conf -A full -D
>
> Snort is generating alerts, but I'm just not getting OSSEC to send this
> to me.  Thanks for the help.  Oh yea ver is the lastest from yesterday.
>
>
> >
>
ForwardSourceID:NT00001CEA    


This communication is from Navigant Consulting Inc. E-mail text or attachments may contain information which is confidential and may also be privileged. This communication is for the exclusive use of the intended recipient(s). If you have received this communication in error, please return it with the title "received in error" to [EMAIL PROTECTED], and then delete the email and destroy any copies of it. In addition, this communication is subject to, and incorporates by reference, additional disclaimers found in Navigant Consulting's "Email Disclaimer" section at www.NavigantConsulting.com.
--~--~---------~--~----~------------~-------~--~----~
-~----------~----~----~----~------~----~------~--~---

Reply via email to