On Thu, Mar 3, 2016 at 1:28 PM, jkrew <jkroo...@gmail.com> wrote: > Ok, this is the agent. I thought one could configure the agent to fire off > emails because of this bit in the doc: > (http://ossec-docs.readthedocs.org/en/latest/syntax/head_ossec_config.global.html) > > Supported types > > Global options are available in the the following installation types: > > server > local >
Neither of those are 'agent.' > So that helps me understand why it doesn't work, for sure. My purpose is to > measure how long it takes for the server to alert on an issue compared to > when it is first reported. I guess I won't use the email option for this. > I believe there's a rule for agents restarting, which could be sent out by the ossec server. > Thanks much - I can't believe I didn't catch this. > > On Thursday, March 3, 2016 at 1:12:25 PM UTC-5, dan (ddpbsd) wrote: >> >> On Thu, Mar 3, 2016 at 1:09 PM, jkrew <jkro...@gmail.com> wrote: >> > Greetings, >> > >> > We are using OSSEC as provided by CloudAware. I'm in the process of >> > setting >> > up some custom alerts for testing, alerts I would like to receive via >> > email. >> > >> > I am able to send email from the Linux host via the following: >> > echo "test" | mail -s "subject line" mye...@domain.name >> > >> > To help troubleshoot, I've set the following debug options in >> > internal_options.conf: >> > syscheck.debug=1 >> > agent.debug=1 >> > >> > And here is what I've configured in ossec.conf: >> > >> > >> > <ossec_config> >> > <client> >> > <server-hostname>cloud aware server</server-hostname> >> >> Is this an agent or the server? >> >> > </client> >> > >> > <global> >> > <email_notification>yes</email_notification> >> > <email_to>my email address</email_to> >> > <smtp_server>127.0.0.1</smtp_server> >> > <email_from>ro...@dns.name</email_from> >> > </global> >> > >> > <email_alerts> >> > <level>1</level> >> > <do_not_delay /> >> > </email_alerts> >> > >> > I see no errors in the ossec.log file that indicates that it's even >> > attempting to send mail. Am I correct that it should attempt to send me >> > an >> > email each time I restart OSSEC - that looks to be a level 7 alert. >> > >> > Any suggestions for troubleshooting would be MUCH appreciated - it feels >> > like there might be an override setting that I'm simply not aware of, >> > but I >> > have yet to find anything of that nature. >> > >> >> agents do not send email, just the ossec server. >> >> > -- >> > >> > --- >> > You received this message because you are subscribed to the Google >> > Groups >> > "ossec-list" group. >> > To unsubscribe from this group and stop receiving emails from it, send >> > an >> > email to ossec-list+...@googlegroups.com. >> > For more options, visit https://groups.google.com/d/optout. > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to ossec-list+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
