Is there not a way to verify from the Ossec collector server? The bureaucratic 
layers to the email server logs are deep and wide such that no man can cross...

Patrick Swartz
UNIX Planning & Engineering (DSUSSE)
First Data 
402-777-7337 desk
402-201-1192 Company cell
402-871-8981 Personal cell



-----Original Message-----
From: [email protected] [mailto:[email protected]] On 
Behalf Of dan (ddp)
Sent: Monday, August 08, 2011 1:29 PM
To: [email protected]
Subject: Re: [ossec-list] Changed file alerts and emails

Check your email server's logs?

On Fri, Aug 5, 2011 at 8:32 AM, Patrick Swartz <[email protected]> wrote:
> We recently had several files get changed and using syscheck_control
> we can see that Ossec did alert on the change. However, we can't
> verify that the email was sent.  Our <email_alert_level> is set at 7
> and our <log_alert_level> is set at 5.  But in this example this would
> have been at least a 7, yes?
> How do I go back to verify if an email notification was sent or not?
>
> /syscheck_control -i 647 -f /bin/setfont
> Integrity changes for agent 'srvlx001(647) - 10.16.10.244':
> Detailed information for entries matching: '/bin/setfont'
>
> 62949500 Dec 26 ,0 - /bin/setfont
> File added to the database.
> Integrity checking values:
>    Size: 118456
>    Perm: rwxr-xr-x
>    Uid:  0
>    Gid:  0
>    Md5:  1b93a9014f95b1a4ffd6a7c01e77efc1
>    Sha1: f36ddf4c07a4379ea6a7d3783bf5b351faef030e
>
> 112418531 Jul 01 á*],0 - /bin/setfont
> File changed. - 1st time modified.
> Integrity checking values:
>    Size: >11448
>    Perm: rwxr-xr-x
>    Uid:  0
>    Gid:  0
>    Md5:  >c5cd9f082926e07453ee01fb16122f10
>    Sha1: >1cc841366200b35f756db0f61fce03fabd16e97b
>
