Bizarre. /etc/resolv.conf shows the correct DNS. tcpdump -i eth0 and tcpdump -i eth6 are working.
I did a little digging into the ossecm user - I wanted to check its sent maillogs, so I attempted to ssh into it. It did not work - I believe there's no bin. I changed it using sudo chsh -s /bin/bash username, and when I attempted to ssh again it still didn't work.

I am going to attempt to play around with the <global> tag configurations. The issue may be that I am not typing out the full address in the <email_to>, <smtp_server>, and <email_from> tags. For the URL, if I wanted to display ossec-server's Web UI, I would simply just type in http://ossec-server/ossec. I will add the [email protected] to all of them.

Daniel - would it be possible to do this? Have the mail sent from root to root?

    <ossec_config>
      <global>
        <email_notification>yes</email_notification>
        <email_to>root@[email protected]</email_to>
        <smtp_server>[email protected]</smtp_server>
        <email_from>[email protected]</email_from>
        <email_maxperhour>20</email_maxperhour>
      </global>

On Monday, June 17, 2013 12:35:21 PM UTC-4, dan (ddpbsd) wrote:
>
> On Mon, Jun 17, 2013 at 11:59 AM, David Blanton
> <[email protected]> wrote:
> > Nothing returned.
> >
> > I do restart the ossec by doing /var/bin/ossec-control restart many times.
> >
> > Is there a way to change which port ossecm (mail sender) uses? How do I add
> > my intranet DNS resolver to ossec? I believe that may be the issue.
> >
>
> OSSEC should just use the system's resolver. So make sure the correct
> DNS server is listed in /etc/resolv.conf
>
> SMTP is done on port 25, so that's the port OSSEC uses. If you really
> need to do something else, you'll have to change the source code and
> recompile.
>
> >
> > On Monday, June 17, 2013 11:47:31 AM UTC-4, dan (ddpbsd) wrote:
> >>
> >> On Mon, Jun 17, 2013 at 11:37 AM, David Blanton
> >> <[email protected]> wrote:
> >> > Jun 17 11:05:52 ossec-server sendmail[28416]: r5HF5qov028416: to=ossecm, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30037, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (r5HF5qSj028417 Message accepted for delivery)
> >> > Jun 17 11:05:52 ossec-server sendmail[28418]: r5HF5qSj028417: to=<[email protected]>, ctladdr=<[email protected]> (0/0), delay=00:00:00, xdelay=00:00:00, mailer=local, pri=30675, dsn=2.0.0, stat=Sent
> >> >
> >>
> >> Now do this grep:
> >>
> >> `grep "txt.att.net" /var/log/maillog*`
> >>
> >> This will tell you if any attempts have been made to email that email
> >> address. If nothing is returned, make sure you have restarted the
> >> ossec processes on the server after making the changes to the
> >> configuration. Also make sure ossec-maild is running.
> >>

--
---
You received this message because you are subscribed to the Google Groups "ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
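
Added example, not part of the thread or of the OSSEC project: a shell version of the maillog check suggested in the quoted reply, which reports for each delivery attempt to a domain which mailer and relay sendmail used and the resulting status, plus a helper that lists the nameservers in resolv.conf. The sample log lines, queue IDs, recipients and relay host are constructed, and the queue-ID position assumes the traditional syslog timestamp format.

```shell
#!/usr/bin/env bash
# Constructed sample in sendmail's maillog format, modelled on the lines
# quoted in the thread; recipients, queue IDs and relay host are made up.
sample_maillog() {
cat <<'EOF'
Jun 17 11:05:52 ossec-server sendmail[28416]: r5HF5qov028416: to=ossecm, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30037, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (r5HF5qSj028417 Message accepted for delivery)
Jun 17 11:06:10 ossec-server sendmail[28500]: r5HF6AAA028500: to=<5555550100@txt.att.net>, delay=00:00:01, xdelay=00:00:01, mailer=esmtp, pri=120675, relay=mx.example.net. [192.0.2.25], dsn=4.0.0, stat=Deferred: Connection timed out with mx.example.net.
Jun 17 11:07:00 ossec-server sendmail[28510]: r5HF70BB028510: to=<root@ossec-server.example.com>, ctladdr=<ossecm@ossec-server.example.com> (0/0), delay=00:00:00, xdelay=00:00:00, mailer=local, pri=30675, dsn=2.0.0, stat=Sent
EOF
}

# Usage: maillog_attempts DOMAIN [FILE...]   (reads stdin when no FILE is given)
# Prints one tab-separated row per delivery attempt to a recipient in DOMAIN:
#   queue-id  recipient  mailer  relay  stat
maillog_attempts() {
    local domain=$1; shift
    awk -v dom="$domain" 'BEGIN { OFS = "\t"; dom = "@" tolower(dom) }
    /sendmail\[[0-9]+\]: [^ ]+: to=/ {
        qid = $6; sub(/:$/, "", qid)      # assumes "Mon DD HH:MM:SS host prog: qid:"
        rest = $0; sub(/^.*sendmail\[[0-9]+\]: [^ ]+: /, "", rest)
        split("", f)                      # reset the per-line key/value map
        n = split(rest, kv, /, /)
        for (i = 1; i <= n; i++) {
            eq = index(kv[i], "=")
            if (eq) f[substr(kv[i], 1, eq - 1)] = substr(kv[i], eq + 1)
        }
        to = tolower(f["to"]); gsub(/[<>]/, "", to)
        if (length(to) <= length(dom)) next
        if (substr(to, length(to) - length(dom) + 1) != dom) next
        print qid, to, f["mailer"], (f["relay"] != "" ? f["relay"] : "-"), f["stat"]
    }' "$@"
}

# List the nameservers the system resolver (and therefore OSSEC) will use.
resolvers() { awk '$1 == "nameserver" { print $2 }' "${1:-/etc/resolv.conf}"; }

# Demo on the constructed sample; on a server: maillog_attempts txt.att.net /var/log/maillog*
sample_maillog | maillog_attempts txt.att.net
```

No output for the target domain means sendmail never saw a message for it, which points back at the OSSEC side (configuration, restart, ossec-maild); a row with a non-Sent stat points at the relay or DNS.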
