On Wed, Aug 11, 2010 at 11:03 PM, x509v3 <[email protected]> wrote: > I'm trying to get daily report mailing working, as described at > http://www.ossec.net/dcid/?p=197 > > I've configured and bounced the master server, but after running both > a local and a remote syscheck, I got nothing. the server's maillog > also indicates that no mail was attempted out. > > Did I misunderstand the feature, and it only emails the report every > day? if so, at what time? I assumed it would email the report after > the particular module was run (e.g. syscheck). > > Here's the first part of my ossec.conf: > > <ossec_config> > <global> > <email_notification>yes</email_notification> > <smtp_server>mx1.mycompany.com</smtp_server> > <email_to>[email protected]</email_to> > <email_from>[email protected]</email_from> > </global> > > <reports> > <category>syscheck</category> > <title>Daily report: File changes</title> > <email_to>[email protected]</email_to> > </reports> > > <rules> > > I'm running v2.4.1: > [r...@sectest100 bin]# ./agent_control -i 000 > > OSSEC HIDS agent_control. Agent information: > Agent ID: 000 (local instance) > Agent Name: sectest100 > IP address: 127.0.0.1 > Status: Active/Local > > Operating system: Linux sectest100 2.6.18-128.el5 #1 SMP Wed Dec > 17 11.. > Client version: OSSEC HIDS v2.4.1 > Last keep alive: Not available > > Syscheck last started at: Wed Aug 11 19:35:57 2010 > Rootcheck last started at: Wed Aug 11 19:31:16 2010 >
The title of the entry you linked to is "Daily email reports." The reports are run daily. I'm not sure what time they are generally run, I'm guessing shortly after midnight.
