On Tue, Aug 28, 2012 at 9:38 AM, ant's <[email protected]> wrote:
> So using this way works:
>
> <smtp_server>alt2.gmail-smtp-in.l.google.com</smtp_server>
>
> But it is going to spam folders! Which is kind of irritating. Are there any
> ways in which I can authenticate email sender's id?
>
> And since I'm very new to the Ossec. I wonder there are no alerts.log in my
> /ossec/etc/logs folder. But still I get email alerts. Isn't sound bad?
>

/var/ossec/logs/alerts/alerts.log

> On Tuesday, August 28, 2012 5:43:44 PM UTC+5:30, dan (ddpbsd) wrote:
>>
>> On Tue, Aug 28, 2012 at 5:14 AM, ant's <[email protected]> wrote:
>> > Hi all. I'm very new to OSSEC. I use a server-agent model. I wish to
>> > generate alert for the following actions ( in agent side ):
>> >
>> >
>> > 1) Sample Alert for deletion of logs
>> >
>> >
>> > I added the rules for these in agent's ossec.conf using <localfile>
>> > tags.
>> > Like this :
>> >
>> > <localfile>
>> > <log_format>syslog</log_format>
>> > <location>/var/log/syslog</location>
>> > </localfile>
>> >
>> >
>> > In my server's ossec.conf. I added the following :
>> >
>> > <global>
>> > <email_notification>yes</email_notification>
>> > <email_to>xxxx@xxxxxx</email_to>
>> > <smtp_server>smtp.gmail.com</smtp_server>
>> > <email_from>xxxx@xxx</email_from>
>> > </global>
>> >
>> > And I restarted my server. Now I tried to delete the agents syslog file
>> > using rm syslog. But no alerts have been triggered.
>> >
>> > Where I'm making the mistake?
>> >
>> >
>>
>> Was no alert triggered (nothing in alerts.log) or are you just not
>> getting the email for it?
