Hey,

You are missing authentication to the gmail server. OSSEC will not handle authentication for you; the way to go is to set up an MTA on your OSSEC server. You can still use the gmail server from the MTA, configuring gmail authentication there. Then set up OSSEC to send notifications via localhost.
/valter

On Sat, Dec 19, 2009 at 10:16 PM, Alekto Antarctica <[email protected]> wrote:
> Hi!
> I downloaded and successfully installed ossec hids v.2.3 today on my
> Ubuntu 8.10. But I still got problems receiving email notifications
> sent from my host to a gmail account. I have been googling around,
> and tried a lot of different settings in my /var/ossec/etc/ossec.conf
> file. This is now my current <global> settings:
>
> <global>
> <email_notification>yes</email_notification>
> <email_to>[email protected]</email_to>
> <smtp_server>alt1.gmail-smtp-in.l.google.com</smtp_server>
> <email_from>oss...@myhostname</email_from>
> </global>
>
> My syslog says:
>
> Dec 19 22:39:01 myhostname /USR/SBIN/CRON[11681]: (root) CMD ( [ -x
> /usr/lib/php5/maxlifetime ] && [ -d /var/lib/php5 ] && find
> /var/lib/php5/ -type f -cmin +$(/usr/lib/php5/maxlifetime) -print0 |
> xargs -n 200 -r -0 rm)
> Dec 19 22:40:02 myhostname /USR/SBIN/CRON[11828]: (smmsp) CMD (test -x
> /etc/init.d/sendmail && /usr/share/sendmail/sendmail cron-msp)
> Dec 19 22:40:02 myhostname sm-msp-queue[11847]: My unqualified host
> name (myhostname) unknown; sleeping for retry
> Dec 19 22:41:02 myhostname sm-msp-queue[11847]: unable to qualify my
> own domain name (myhostname) -- using short name
> Dec 19 22:52:09 antarctica -- MARK --t
>
> Out of this syslog I am quite sure that my hostname could be the
> problem. My hostname matches the ip 127.0.1.1 in my /etc/hosts while
> localhost matches the 127.0.0.1 ip.
> I have tried to use "localhost" as my hostname in the <email_from>
> section, as well as adding my ISP ip domain name after my hostname
> (myhostname.isp-domain-name).
> And I have also to restart my sendmail (I don't know if this could
> have any effect at all), I have been trying other gmail-smtp servers,
> and my email alert level is at 7.
>
> I hope some of you that use gmail for email notifications, could give
> me some hints on how to make ossec work together with gmail. Or if
> anybody got some suggestions for other solutions on how I can receive
> my ossec notifications.
>
> X Alekto
>
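
A check for the misconfiguration the reply describes, as an added example that is not part of the original thread or OSSEC's own code: it parses an ossec.conf and flags an `<smtp_server>` that is not the local host, since per the reply OSSEC does not authenticate to the mail server. The function names and the sample e-mail addresses are constructed for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed samples: the <global> block from the quoted message (addresses
# replaced with placeholders) and the same block pointed at a local MTA.
POSTED = """<ossec_config><global>
  <email_notification>yes</email_notification>
  <email_to>admin@example.org</email_to>
  <smtp_server>alt1.gmail-smtp-in.l.google.com</smtp_server>
  <email_from>alerts@example.org</email_from>
</global></ossec_config>"""
VIA_LOCAL_MTA = POSTED.replace("alt1.gmail-smtp-in.l.google.com", "localhost")


def is_loopback(host):
    """True for 'localhost' or a literal loopback address; no DNS lookups."""
    if host.lower() in ("localhost", "localhost.localdomain"):
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # any other hostname is treated as remote


def audit_email_settings(conf_text):
    """Return one finding per <global> block whose alerts bypass a local MTA."""
    findings = []
    # ossec.conf may hold several <ossec_config> roots, so wrap them in one.
    root = ET.fromstring("<root>" + conf_text + "</root>")
    for g in root.iter("global"):
        enabled = (g.findtext("email_notification") or "").strip().lower()
        if enabled != "yes":
            continue  # e-mail alerts are off, nothing to check
        server = (g.findtext("smtp_server") or "").strip()
        if not server:
            findings.append("email_notification is on but smtp_server is empty")
        elif not is_loopback(server):
            findings.append(
                "smtp_server %s is remote: OSSEC sends without authentication, "
                "so relay through an MTA on localhost instead" % server)
    return findings


if __name__ == "__main__":
    for name, conf in (("posted", POSTED), ("via local MTA", VIA_LOCAL_MTA)):
        print(name, "->", audit_email_settings(conf) or "ok")
```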
