You can set up on OSSEC any SMTP server and it will use it to send the emails, BUT OSSEC is not able to use SMTP authentication.
Amazon SES works with TLS authentication so.. I don't think OSSEC out-the-box can use Amazon SES. Instead of that you can probably configure Amazon SES SMTP account into a local postfix server, and then set up OSSEC to send emails using postfix (I made this before with other SMTP TLS servers). OSSEC -> postfix -> Amazon SES. On Wednesday, March 30, 2016 at 11:36:41 AM UTC+2, sandeep wrote: > > Hi, > > Can i use third party email provider to send OSSEC emails ? For example > AWS's SES service. > > On Thu, Mar 24, 2016 at 3:27 PM, sandeep dubey <sandeep...@gmail.com > <javascript:>> wrote: > >> Thanks for the update. >> On 24-Mar-2016 3:09 PM, "dan (ddp)" <ddp...@gmail.com <javascript:>> >> wrote: >> >>> >>> On Mar 24, 2016 12:21 AM, "sandeep dubey" <sandeep...@gmail.com >>> <javascript:>> wrote: >>> > >>> > Got it, thanks much. Is it suggested to remove that line for these >>> rules ? >>> > >>> >>> That's between you and your security policy. I personally like 1002, I >>> even wrote a faq entry on it. >>> >>> > On Wed, Mar 23, 2016 at 7:52 PM, dan (ddp) <ddp...@gmail.com >>> <javascript:>> wrote: >>> >> >>> >> On Wed, Mar 23, 2016 at 10:19 AM, sandeep dubey >>> >> <sandeep...@gmail.com <javascript:>> wrote: >>> >> > Thanks Dan for the reply. >>> >> > >>> >> > I couldn't understand your comment - >>> >> > >>> >> > Both of these set: >>> >> > <options>alert_by_email</options> >>> >> > >>> >> >>> >> If you look at /var/ossec/rules/syslog_rules.xml, you can see rule >>> >> 10100 sets the above option. This means it will always send an email >>> >> when it is triggered. >>> >> Rule 1002 has the same option set. So no matter what your minimum rule >>> >> level is, these rules will trigger emails. >>> >> >>> >> > On Wed, Mar 23, 2016 at 7:37 PM, dan (ddp) <ddp...@gmail.com >>> <javascript:>> wrote: >>> >> >> >>> >> >> On Wed, Mar 23, 2016 at 10:01 AM, sandeep dubey >>> >> >> <sandeep...@gmail.com <javascript:>> wrote: >>> >> >> >> Ok, so it works when you use an individual email address, but >>> not when >>> >> >> >> you use a group? Which system handles the group email address? >>> Can >>> >> >> >> you check the logs there? >>> >> >> > >>> >> >> > Yes, when i use group emails are not being relayed. I am using >>> Google >>> >> >> > service. In logs i don't find anything except mentioned in >>> previous >>> >> >> > thread. >>> >> >> >>> >> >> Use tcpdump to see if there is any difference between the 2 email >>> >> >> addresses. >>> >> >> >>> >> >> >> >>> >> >> >> >>> >> >> >> > One more observation is that, even though email alerts is >>> configured >>> >> >> >> > for >>> >> >> >> > level 8, I am still getting alerts for level 2,3,4 etc. >>> >> >> >> > >>> >> >> >> >>> >> >> >> That's very strange. I trust you've verified that the rules of >>> level < >>> >> >> >> 8 that trigger email alerts don't have >>> >> >> >> "<options>alert_by_email</options>" set. >>> >> >> >> Which rules with level < 8 are triggering emails? >>> >> >> > >>> >> >> > >>> >> >> > Triggered emails are of level 2,4 and rules id is 1002,10100 >>> >> >> > >>> >> >> >>> >> >> Both of these set: >>> >> >> <options>alert_by_email</options> >>> >> >> >>> >> >> -- >>> >> >> >>> >> >> --- >>> >> >> You received this message because you are subscribed to the Google >>> Groups >>> >> >> "ossec-list" group. >>> >> >> To unsubscribe from this group and stop receiving emails from it, >>> send an >>> >> >> email to ossec-list+...@googlegroups.com <javascript:>. >>> >> >> For more options, visit https://groups.google.com/d/optout. >>> >> > >>> >> > >>> >> > >>> >> > >>> >> > -- >>> >> > Regards, >>> >> > Sandeep >>> >> > >>> >> > -- >>> >> > >>> >> > --- >>> >> > You received this message because you are subscribed to the Google >>> Groups >>> >> > "ossec-list" group. >>> >> > To unsubscribe from this group and stop receiving emails from it, >>> send an >>> >> > email to ossec-list+...@googlegroups.com <javascript:>. >>> >> > For more options, visit https://groups.google.com/d/optout. >>> >> >>> >> -- >>> >> >>> >> --- >>> >> You received this message because you are subscribed to the Google >>> Groups "ossec-list" group. >>> >> To unsubscribe from this group and stop receiving emails from it, >>> send an email to ossec-list+...@googlegroups.com <javascript:>. >>> >> For more options, visit https://groups.google.com/d/optout. >>> > >>> > >>> > >>> > >>> > -- >>> > Regards, >>> > Sandeep >>> > >>> > -- >>> > >>> > --- >>> > You received this message because you are subscribed to the Google >>> Groups "ossec-list" group. >>> > To unsubscribe from this group and stop receiving emails from it, send >>> an email to ossec-list+...@googlegroups.com <javascript:>. >>> > For more options, visit https://groups.google.com/d/optout. >>> >>> -- >>> >>> --- >>> You received this message because you are subscribed to the Google >>> Groups "ossec-list" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to ossec-list+...@googlegroups.com <javascript:>. >>> For more options, visit https://groups.google.com/d/optout. >>> >> > > > -- > Regards, > Sandeep > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
