Greetings, We are using OSSEC as provided by CloudAware. I'm in the process of setting up some custom alerts for testing, alerts I would like to receive via email.
I am able to send email from the Linux host via the following: echo "test" | mail -s "subject line" [email protected] To help troubleshoot, I've set the following debug options in internal_options.conf: syscheck.debug=1 agent.debug=1 And here is what I've configured in ossec.conf: <ossec_config> <client> <server-hostname>cloud aware server</server-hostname> </client> <global> <email_notification>yes</email_notification> <email_to>my email address</email_to> <smtp_server>127.0.0.1</smtp_server> <email_from>[email protected]</email_from> </global> <email_alerts> <level>1</level> <do_not_delay /> </email_alerts> I see no errors in the ossec.log file that indicates that it's even attempting to send mail. Am I correct that it should attempt to send me an email each time I restart OSSEC - that looks to be a level 7 alert. Any suggestions for troubleshooting would be MUCH appreciated - it feels like there might be an override setting that I'm simply not aware of, but I have yet to find anything of that nature. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
