On Mon, Aug 9, 2010 at 8:34 AM, [email protected] <[email protected]> wrote:
> There is nothing I can see from logs. Please find the process status
>
> [r...@xxxxx~]# ps aux |grep ossec
> ossecm 8556 0.0 0.0 3148 480 ? S 17:30 0:00 /var/ossec/bin/ossec-maild
> root 8560 0.0 0.0 1796 424 ? S 17:30 0:00 /var/ossec/bin/ossec-execd
> ossec 8564 0.1 0.0 4168 1764 ? S 17:30 0:02 /var/ossec/bin/ossec-analysisd
> root 8568 0.0 0.0 3508 444 ? S 17:30 0:00 /var/ossec/bin/ossec-logcollector
> ossecr 8574 0.0 0.0 23548 932 ? Sl 17:30 0:01 /var/ossec/bin/ossec-remoted
> root 8580 0.4 0.0 3036 1628 ? S 17:30 0:08 /var/ossec/bin/ossec-syscheckd
> ossec 8584 0.0 0.0 2428 464 ? S 17:30 0:00 /var/ossec/bin/ossec-monitord
> ossecm 9158 0.0 0.0 0 0 ? Z 17:59 0:00 [ossec-maild] <defunct>
> ossecm 9159 0.0 0.0 0 0 ? Z 17:59 0:00 [ossec-maild] <defunct>
> ossecm 9160 0.0 0.0 0 0 ? Z 17:59 0:00 [ossec-maild] <defunct>
> ossecm 9161 0.0 0.0 0 0 ? Z 17:59 0:00 [ossec-maild] <defunct>
> ossecm 9162 0.0 0.0 0 0 ? Z 17:59 0:00 [ossec-maild] <defunct>
> ossecm 9163 0.0 0.0 0 0 ? Z 17:59 0:00 [ossec-maild] <defunct>
> ossecm 9164 0.0 0.0 0 0 ? Z 17:59 0:00 [ossec-maild] <defunct>
> root 9166 0.0 0.0 5232 624 pts/0 R+ 18:00 0:00 grep ossec
>
> Regards,
> Anoop Moahn

I'll ask since the crystal ball is in the shop.

Are alerts being triggered?
Are alerts being triggered of a high enough level to trigger an email?
Are there any logs on the email server ossec-maild is trying to send through that would give you an idea as to why there are no emails?
Have you tried killing the ossec-maild daemon and restarting it in debug mode (ossec/bin/ossec-maild -d)?
Have you tried sniffing the traffic to see if SMTP communication is even attempted?
Was there any useful information in the tcp stream?
