-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Forrest Aldrich wrote: > A small buglet: I just noticed that the SMTP headers for alerts contain > reference to a hostname "notify.ossec.net" >
Normally, I would look in the code to see what might be going on. But, I've got a lot of list-mail to catch up on. IIRC, this is set in the config file (and/or during the installation dialog). Check your <email_from> setting in etc/ossec.conf. It's also possible to get some sort of funky client translations in there. My messages come from "OSSEC HIDS", but the address is [EMAIL PROTECTED] > (see below) > > :-) > >>From [EMAIL PROTECTED] Mon Sep 18 17:26:07 2006 > Return-Path: [EMAIL PROTECTED] > X-Original-To: [EMAIL PROTECTED] > *Received: from notify.ossec.net *(server1.mydomain.net [192.168.1.10]) > by mail1.ext.mydomain.net (Postfix) with SMTP id D854C216C17 > for <[EMAIL PROTECTED]>; Mon, 18 Sep 2006 17:26:07 -0400 (EDT) > To: [EMAIL PROTECTED] > From: OSSEC HIDS <[EMAIL PROTECTED]> > Date: Mon, 18 Sep 2006 17:26:07 EDT > Subject: OSSEC Notification - server1 - Alert level 3 > Message-Id: <[EMAIL PROTECTED]> > - -- gentux echo "hfouvyyAhnbjm/dpn" | perl -pe 's/(.)/chr(ord($1)-1)/ge' gentux's gpg fingerprint ==> 5495 0388 67FF 0B89 1239 D840 4CF0 39E2 18D3 4A9E -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFE222TPA54hjTSp4RAiiCAJ4pDdU4p9lJ96Lcy6IvkSqkfkaIwgCg4SYh U3+uCnQAczMtF0nc++6B2z4= =+cp6 -----END PGP SIGNATURE-----
