Re: [ossec-list] email_idsname does not work (ossec-hids-server-2.8.1-48)

[Ryan Schulze]

Yes, that should have picked up the change. Tomorrow I can try to set up a CentOS test environment to have a look at the .rpm. I don't have any OSSEC servers running on CentOS so I have no experience with what is in the rpm package and if it was compiled with any special settings.

On 8/4/2015 5:17 PM, H Le wrote:

Hi Ryan,

Thanks for the reply.  The 'X-IDS-OSSEC' did not at all show up.



/var/ossec/bin/ossec-control restart
Killing ossec-monitord ..
Killing ossec-logcollector ..
Killing ossec-remoted ..
Killing ossec-syscheckd ..
Killing ossec-analysisd ..
Killing ossec-maild ..
Killing ossec-execd ..
OSSEC HIDS v2.8 Stopped
Starting OSSEC HIDS v2.8 (by Trend Micro Inc.)...
Started ossec-maild...
Started ossec-execd...
Started ossec-analysisd...
Started ossec-logcollector...
Started ossec-remoted...
Started ossec-syscheckd...
Started ossec-monitord...
Completed.

On Tuesday, August 4, 2015 at 3:15:22 PM UTC-6, Ryan Schulze wrote:

    I remember submitting that pull request for 2.8.0, so it should be
    in your 2.8.1 version (I didn't add any compile time options to
    deactivate it).
    Did you make sure that ossec-maild died when you restarted the
    ossec daemons (it may be an old process still delivering your mail
    that didn't pick up the change to ossec.conf)?

    Is the "X-IDS-OSSEC:" not showing up at all in your email headers,
    or is it there but just without any/empty value?


    On 8/4/2015 12:43 PM, H Le wrote:

After I added the tags to the ossec.conf file, I ran '/var/ossec/bin/ossec-control restart' That should pick up the change, right?

    Hi,

    I am using ossec-hids-server-2.8.1-48.el6.art.x86_64.rpm to
    install an OSSEC server.  In the ossec.conf file, I included
    <email_idsname>Development</email_idsname> in order to add a some
    text to the email header.  But this configuration change did not
    produce any change in the email header.  Just wondering if this
    RPM already includes support for email_idsname or if I miss any
    extra config.

    Thanks,
    -Hung Le

    ---
    You received this message because you are subscribed to the
    Google Groups "ossec-list" group.
    To unsubscribe from this group and stop receiving emails from it,
    send an email to ossec-list+...@googlegroups.com <javascript:>.
    For more options, visit https://groups.google.com/d/optout
    <https://groups.google.com/d/optout>.

--

--

---

You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com <mailto:ossec-list+unsubscr...@googlegroups.com>.

For more options, visit https://groups.google.com/d/optout.

--


To unsubscribe from this group and stop receiving emails from it, send an email 
to ossec-list+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--- You received this message because you are subscribed to the Google Groups "ossec-list" group.

smime.p7s
Description: S/MIME Cryptographic Signature