#ifconfig -a
eth0 has an ipaddress (ossec-server)
eth1 broadcast running multicast
eth2 broadcast multicast
eth3 up broadcast running multicast
eth4 broadcast multicast
eth5 broadcast multicast
lo up loopback running
sit0 NOARP
virbr0 has an ipaddress (122 subnet, could be our dns)

I ran tcpdump -i eth0 
and it returned with a bunch of packets:

11:50:54.951833 IP ossec-server.ect.na.companyname.com .ssh > 
localmachine.ect.na.companyname.com P ### ack ###

is what the gist of them looked like.


On Monday, June 17, 2013 11:45:08 AM UTC-4, David Blanton wrote:
>
> Came up with two searches
>
> Jun 17 11:05:52 ossec-server sendmail[28416]: r5HF5qov028416: to=ossecm, 
> ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, 
> pri=30037, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent 
> (r5HF5qSj028417 Message accepted for delivery)
> Jun 17 11:05:52 ossec-server sendmail[28418]: r5HF5qSj028417: to=<
> [email protected]>, ctladdr=<
> [email protected]> (0/0), delay=00:00:00, 
> xdelay=00:00:00, mailer=local, pri=30675, dsn=2.0.0, stat=Sent
>
> I changed some addresses for company security. I may be new but I am not 
> seeing anything related to ATT and gmail (I recently added my gmail 
> address). If it's any help - this server is running within a network of our 
> own test and production servers, then a dmz, then the internet. So 
> technically it's an intranet. Do you think the port is blocked? I am 
> relatively new at the company as well so I am not sure which ports are 
> blocked, used, etc.
>
> Sorry for all the help I need.. You've been great.
>
> On Monday, June 17, 2013 11:38:36 AM UTC-4, dan (ddpbsd) wrote:
>>
>> On Mon, Jun 17, 2013 at 11:31 AM, David Blanton 
>> <[email protected]> wrote: 
>> > When I gedit /var/log/maillog 
>> > 
>> > I am not seeing any mail from ossecm@ossec-server. 
>> > 
>> > Just ossec-server sendmail: XXXXXXXXX: from<[email protected]. 
>> size-XXX 
>> > etc. 
>> > 
>> > Do you think this would be because I have Cacti running as well? It is 
>> > sending mail to root as well. 
>> > 
>>
>> I don't think cacti is affecting anything. 
>> Try grepping for ossec: 
>> grep ossec /var/log/maillog* | more 
>>

-- 

--- 
You received this message because you are subscribed to the Google Groups 
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
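
An added example, not part of the thread: a small Python parser for sendmail delivery lines of the kind quoted above. For each queue ID it reports whether the message ended in a local mailbox, was only handed to the MTA on the same host, or went to a remote relay. The sample log is constructed (placeholder addresses, plus an invented third line showing a remote relay), and the category names are this example's own.

```python
import re

# Constructed sample modelled on the sendmail lines quoted in the thread.
# Addresses are placeholders; the third line is invented for contrast.
SAMPLE = """\
Jun 17 11:05:52 ossec-server sendmail[28416]: r5HF5qov028416: to=ossecm, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30037, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (r5HF5qSj028417 Message accepted for delivery)
Jun 17 11:05:52 ossec-server sendmail[28418]: r5HF5qSj028417: to=<user@example.invalid>, ctladdr=<root@example.invalid> (0/0), delay=00:00:00, xdelay=00:00:00, mailer=local, pri=30675, dsn=2.0.0, stat=Sent
Jun 17 11:06:10 ossec-server sendmail[28500]: r5HF6AbC028499: to=<admin@example.org>, delay=00:00:01, xdelay=00:00:01, mailer=esmtp, pri=120675, relay=mx.example.org. [192.0.2.25], dsn=2.0.0, stat=Sent (OK)
"""

# "sendmail[pid]: <queue id>: to=..., key=value, ..."
LINE = re.compile(r"sendmail\[\d+\]: (?P<qid>\w+): (?P<rest>to=.*)$")
# A value runs until the next ", key=" or the end of the line.
FIELD = re.compile(r"(\w+)=(.*?)(?=, \w+=|$)")


def parse_deliveries(text):
    """Return one dict per sendmail delivery ("to=") line."""
    records = []
    for line in text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # "from=" lines and other daemons are skipped
        rec = dict(FIELD.findall(m.group("rest")))
        rec["qid"] = m.group("qid")
        records.append(rec)
    return records


def classify(rec):
    """Say where this hop put the message."""
    relay = rec.get("relay", "")
    if rec.get("mailer") == "local":
        return "local-mailbox"         # delivered on this host
    if "127.0.0.1" in relay or "localhost" in relay:
        return "handoff-to-local-mta"  # submission hop, not final delivery
    return "remote"                    # passed to another host


def summarize(text):
    """(queue id, recipient, destination class, status) per delivery line."""
    return [(r["qid"], r["to"], classify(r), r.get("stat", "").split(" ")[0])
            for r in parse_deliveries(text)]


if __name__ == "__main__":
    for row in summarize(SAMPLE):
        print(*row, sep="  ")
```

If every alert line comes back as `handoff-to-local-mta` or `local-mailbox`, the message never left the host, so the mail routing is the place to look before suspecting a blocked port.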