I'm trying to get daily report mailing working, as described at
http://www.ossec.net/dcid/?p=197
I've configured and bounced the master server, but after running both
a local and a remote syscheck, I got nothing. The server's maillog
also indicates that no mail was attempted out.
Did I misunderstand the feature, and it only emails the report every
day? If so, at what time? I assumed it would email the report after
the particular module was run (e.g. syscheck).
Here's the first part of my ossec.conf:
<ossec_config>
  <global>
    <email_notification>yes</email_notification>
    <smtp_server>mx1.mycompany.com</smtp_server>
    <email_to>[email protected]</email_to>
    <email_from>[email protected]</email_from>
  </global>
  <reports>
    <category>syscheck</category>
    <title>Daily report: File changes</title>
    <email_to>[email protected]</email_to>
  </reports>
  <rules>
I'm running v2.4.1:
[r...@sectest100 bin]# ./agent_control -i 000
OSSEC HIDS agent_control. Agent information:
Agent ID: 000 (local instance)
Agent Name: sectest100
IP address: 127.0.0.1
Status: Active/Local
Operating system: Linux sectest100 2.6.18-128.el5 #1 SMP Wed Dec 17 11..
Client version: OSSEC HIDS v2.4.1
Last keep alive: Not available
Syscheck last started at: Wed Aug 11 19:35:57 2010
Rootcheck last started at: Wed Aug 11 19:31:16 2010