On Tue, Aug 28, 2012 at 9:14 AM, ant's <[email protected]> wrote:
> Hi all. I'm very new to OSSEC. I use a server-agent model. I wish to
> generate alerts for the following actions (on the agent side):
>
>
> 1) Sample alert for deletion of logs
>
>
> I added the rules for these in the agent's ossec.conf using <localfile> tags,
> like this:
>
>   <localfile>
>     <log_format>syslog</log_format>
>     <location>/var/log/syslog</location>
>   </localfile>
>
>
> In my server's ossec.conf, I added the following:
>
>   <global>
>     <email_notification>yes</email_notification>
>     <email_to>xxxx@xxxxxx</email_to>
>     <smtp_server>smtp.gmail.com</smtp_server>
>     <email_from>xxxx@xxx</email_from>
>   </global>
>
> And I restarted my server. Now I tried to delete the agent's syslog file
> using rm syslog. But no alerts have been triggered.
>
> Where am I making the mistake?
>
>

I am not sure that works with ossec's config. I am taking the same
approach as you, but I am using a real MTA (in my case, postfix) and
it works ok.
