Sorry Martin, I'm not sure what you're running into there.
I have this working in my production system: (1.6.1)
<global>
  <email_notification>yes</email_notification>
  <email_to>m...@email</email_to>
  <smtp_server>my.server.net.</smtp_server>
  <email_from>[email protected]</email_from>
  <email_maxperhour>999</email_maxperhour>
</global>
<email_alerts>
  <email_to>[email protected]</email_to>
  <event_location>customerweb1|customerweb2</event_location>
  <level>13</level>
</email_alerts>
It does send alerts to them on their servers based on the level. I have a
custom rule triggering at that level for them. I don't know why I have a
terminating . on my smtp_server.
While collecting this I notice there is also this section:
<alerts>
  <log_alert_level>1</log_alert_level>
  <email_alert_level>7</email_alert_level>
</alerts>
I don't know what levels you're looking at for your test messages, but you have
'5' in your examples -- have you reduced email_alert_level to 5?
HTH
Rick McClinton
-----Original Message-----
From: [email protected] [mailto:[email protected]] On
Behalf Of Martin
Sent: Wednesday, January 07, 2009 3:37 PM
To: ossec-list
Subject: [ossec-list] Re: Unable to send email to remote exchange server.
Importance: Low
Thank you both for your feedback.
Yes, the telnet was from the same server.
I have followed the wiki to set up granular alert notification but it
looks like it is buggy.
http://www.ossec.net/wiki/index.php/Know_How:GranularEmail
This config does _not_ work: (Used in the initial post I did.)
<ossec_config>
  <global>
    <email_notification>yes</email_notification>
    <smtp_server>dns name of server</smtp_server>
    <email_from>[email protected]</email_from>
    <stats>4</stats>
    <white_list>dns name of mail server</white_list>
    <level>5</level>
  </global>
  <email_alerts>
    <email_to>my email address</email_to>
    <level>5</level>
    <do_not_delay />
  </email_alerts>
However, when I change the config to the following, I'm receiving
emails.
<ossec_config>
  <global>
    <email_notification>yes</email_notification>
    <smtp_server>dns name of server</smtp_server>
    <email_from>[email protected]</email_from>
    <stats>4</stats>
    <white_list>dns name of mail server</white_list>
    <email_to>My email address</email_to>
    <level>5</level>
  </global>
I.e. Standard email setup in the global section works, but not using
granular configuration with <email_alerts>.
Any ideas?
Cheers
Martin
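An added example, not part of either message and not OSSEC's own code: a Python check for the two things this thread points at, a <global> section with no <email_to> (the difference between Martin's two configurations) and an <email_alerts> level below email_alert_level (Rick's question). The sample configuration, the function name check_email_config and the fallback threshold of 7 used when <alerts> is absent are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the non-working configuration in the thread
# (placeholder host names and addresses, closing tag added so it parses).
SAMPLE_CONF = """
<ossec_config>
  <global>
    <email_notification>yes</email_notification>
    <smtp_server>mail.example.net</smtp_server>
    <email_from>ossec@example.net</email_from>
  </global>
  <email_alerts>
    <email_to>admin@example.net</email_to>
    <level>5</level>
    <do_not_delay />
  </email_alerts>
  <alerts>
    <log_alert_level>1</log_alert_level>
    <email_alert_level>7</email_alert_level>
  </alerts>
</ossec_config>
"""

def check_email_config(conf_text, default_threshold=7):
    """Return a list of findings for an ossec.conf given as text."""
    # ossec.conf may hold several <ossec_config> blocks, so wrap them in one root.
    root = ET.fromstring("<root>" + conf_text + "</root>")
    findings = []
    if (root.findtext(".//global/email_notification") or "").strip() != "yes":
        findings.append("global: email_notification is not 'yes'")
    if not (root.findtext(".//global/email_to") or "").strip():
        findings.append("global: no email_to")
    raw = root.findtext(".//alerts/email_alert_level")
    # Assumption: default_threshold stands in when <alerts> is absent.
    threshold = int(raw) if raw and raw.strip().isdigit() else default_threshold
    for i, block in enumerate(root.iter("email_alerts"), 1):
        to = (block.findtext("email_to") or "").strip()
        level = (block.findtext("level") or "").strip()
        if not to:
            findings.append(f"email_alerts #{i}: no email_to")
        if level.isdigit() and int(level) < threshold:
            findings.append(f"email_alerts #{i}: level {level} is below email_alert_level {threshold}")
    return findings

if __name__ == "__main__":
    for finding in check_email_config(SAMPLE_CONF):
        print(finding)
```

Run it against the real file with check_email_config(open("ossec.conf").read()), substituting the path to the installed configuration; an empty list means neither condition was found.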