My global config looked something like this:
<global>
<email_notification>yes</email_notification>
<smtp_server>localhost.</smtp_server>
<email_to>[email protected]</email_to>
<email_from>[email protected]</email_from>
<email_idsname>Devserver</email_idsname>
</global>And the following header was added to the EMail: X-IDS-OSSEC: DevserverJust to be sure we are on the same page, this changes the headers in the emails, not the subject.
On 8/5/2015 1:33 PM, H Le wrote:
Thanks, Ryan. Please let me know your finding. On Tuesday, August 4, 2015 at 9:54:30 PM UTC-6, Ryan Schulze wrote: Yes, that should have picked up the change. Tomorrow I can try to set up a CentOS test environment to have a look at the .rpm. I don't have any OSSEC servers running on CentOS so I have no experience with what is in the rpm package and if it was compiled with any special settings. On 8/4/2015 5:17 PM, H Le wrote:Hi Ryan, Thanks for the reply. The 'X-IDS-OSSEC' did not at all show up. After I added the tags to the ossec.conf file, I ran '/var/ossec/bin/ossec-control restart' That should pick up the change, right? /var/ossec/bin/ossec-control restart Killing ossec-monitord .. Killing ossec-logcollector .. Killing ossec-remoted .. Killing ossec-syscheckd .. Killing ossec-analysisd .. Killing ossec-maild .. Killing ossec-execd .. OSSEC HIDS v2.8 Stopped Starting OSSEC HIDS v2.8 (by Trend Micro Inc.)... Started ossec-maild... Started ossec-execd... Started ossec-analysisd... Started ossec-logcollector... Started ossec-remoted... Started ossec-syscheckd... Started ossec-monitord... Completed. On Tuesday, August 4, 2015 at 3:15:22 PM UTC-6, Ryan Schulze wrote: I remember submitting that pull request for 2.8.0, so it should be in your 2.8.1 version (I didn't add any compile time options to deactivate it). Did you make sure that ossec-maild died when you restarted the ossec daemons (it may be an old process still delivering your mail that didn't pick up the change to ossec.conf)? Is the "X-IDS-OSSEC:" not showing up at all in your email headers, or is it there but just without any/empty value? On 8/4/2015 12:43 PM, H Le wrote:Hi, I am using ossec-hids-server-2.8.1-48.el6.art.x86_64.rpm to install an OSSEC server. In the ossec.conf file, I included <email_idsname>Development</email_idsname> in order to add a some text to the email header. But this configuration change did not produce any change in the email header. Just wondering if this RPM already includes support for email_idsname or if I miss any extra config. Thanks, -Hung Le----- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout <https://groups.google.com/d/optout>.----- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected] <javascript:>. For more options, visit https://groups.google.com/d/optout <https://groups.google.com/d/optout>.-- ---You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected] <mailto:[email protected]>.For more options, visit https://groups.google.com/d/optout.
----- You received this message because you are subscribed to the Google Groups "ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
smime.p7s
Description: S/MIME Cryptographic Signature
