Hello,
I'm using the latest ossec (2.0) in this setup : one server and a few agents
connected to it .
Today,a strange issue occured : no more emails are sent when an event is
detected .Nothing changed,nobody modified the files .In the webui and
alerts.log the events show up .
In the ossec.log there is nothing noticing a problem .Also,in my maillog I
don't see any request from ossec for connection .
The email related part from ossec.conf looks like :
<ossec_config>
<global>
<email_notification>yes</email_notification>
<email_to>r...@localhost</email_to>
<smtp_server>127.0.0.1</smtp_server>
<email_from>[email protected]</email_from>
</global>
<email_alerts>
<email_to>[email protected]</email_to>
<event_location>dan-home</event_location>
<level>2</level>
<do_not_delay />
</email_alerts>
<email_alerts>
<email_to>[email protected]</email_to>
<event_location>agent1|agent2|agent3</event_location>
<level>2</level>
<do_not_delay />
</email_alerts>
I've seen that restarting ossec-control from server solves the
problem...temporary. In a few minutes it stops sending emails again .
Where should I look to solve this ?
Thank you very much !
--
Dan
Bob Hope - "You know you are getting old when the candles cost more than
the cake."
