Hi! I downloaded and successfully installed ossec hids v.2.3 today on my Ubuntu 8.10. But I still have problems receiving email notifications sent from my host to a gmail account. I have been googling around, and tried a lot of different settings in my /var/ossec/etc/ossec.conf file. These are now my current <global> settings:

<global>
  <email_notification>yes</email_notification>
  <email_to>[email protected]</email_to>
  <smtp_server>alt1.gmail-smtp-in.l.google.com</smtp_server>
  <email_from>oss...@myhostname</email_from>
</global>

My syslog says:

Dec 19 22:39:01 myhostname /USR/SBIN/CRON[11681]: (root) CMD ( [ -x /usr/lib/php5/maxlifetime ] && [ -d /var/lib/php5 ] && find /var/lib/php5/ -type f -cmin +$(/usr/lib/php5/maxlifetime) -print0 | xargs -n 200 -r -0 rm)
Dec 19 22:40:02 myhostname /USR/SBIN/CRON[11828]: (smmsp) CMD (test -x /etc/init.d/sendmail && /usr/share/sendmail/sendmail cron-msp)
Dec 19 22:40:02 myhostname sm-msp-queue[11847]: My unqualified host name (myhostname) unknown; sleeping for retry
Dec 19 22:41:02 myhostname sm-msp-queue[11847]: unable to qualify my own domain name (myhostname) -- using short name
Dec 19 22:52:09 antarctica -- MARK --t

Out of this syslog I am quite sure that my hostname could be the problem. My hostname matches the IP 127.0.1.1 in my /etc/hosts while localhost matches the 127.0.0.1 IP. I have tried to use "localhost" as my hostname in the <email_from> section, as well as adding my ISP IP domain name after my hostname (myhostname.isp-domain-name). And I have also tried to restart my sendmail (I don't know if this could have any effect at all), I have been trying other gmail-smtp servers, and my email alert level is at 7.

I hope some of you that use gmail for email notifications could give me some hints on how to make ossec work together with gmail. Or if anybody has some suggestions for other solutions on how I can receive my ossec notifications.

X Alekto
