Hi Dan, Yes, thank you, i have been trying to get this working all day.
I am running ossec on an ubuntu 14.04 server and i need to be able to email alerts of course. I saw in a separate post that ossec actually needs smtp listening on the local server, and so i decided to use postfix as a relay. To make things more complicated, my mail server is in office 365. Here my configurations: /etc/postfix/main.cf (changes from original) smtp_sasl_auth_enable = yes smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd smtp_generic_maps = hash:/etc/postfix/generic myhostname = ossec-1.example.com alias_maps = hash:/etc/aliases alias_database = hash:/etc/aliases myorigin = /etc/mailname mydestination = localhost.localdomain, localhost relayhost = smtp.office365.com:587 mynetworks = 127.0.0.0/8, 10.0.0.0/8 /etc/postfix/generic /.*/ [email protected] /etc/postfix/sasl_passwd [smtp.office365.com]:587 [email protected]:MyPassword ossec.conf <global> <jsonout_output>no</jsonout_output> <email_notification>yes</email_notification> <smtp_server>localhost</smtp_server> <email_to>[email protected]</email_to> <email_from>[email protected]</email_from> </global> I am sure postfix is listening on port 25: tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 947/master The error i get, even after enabling debug mode in ossec is not very helpful at all: 2016/09/28 09:36:04 ossec-maild(1223): ERROR: Error Sending email to 127.0.0.1 (smtp server) nothing before or after that can be of help... Sorry i don't know what else to say Thanks a lot, hope you can help Laura On Wednesday, 28 September 2016 11:47:20 UTC+1, dan (ddpbsd) wrote: > > On Sep 28, 2016 6:42 AM, "Laura Herrera" <[email protected] <javascript:>> > wrote: > > > > Hi Theresa, > > > > Please can i ask how did you solve this problem? > > > > If you're having issues, you could post details and we could try to help. > > > Thanks a lot, > > Laura > > > > > > On Monday, 6 July 2015 18:35:50 UTC+1, theresa mic-snare wrote: > >> > >> OK, managed to fix this and face-palming myself.... > >> > >> i've tweaked the postfix config a bit, enabled the service and there we > go... > >> ossec-maild is now officially sending out alerts to my email address. > >> > >> theresa happy :) > >> > >> Am Sonntag, 5. Juli 2015 14:02:29 UTC+2 schrieb Daniil Svetlov: > >>> > >>> Theresa, try to issue command /var/ossec/bin/ossec-control enable > debug. It will increase log verbosity. Then restart OSSEC, and check > /var/ossec/log/ossec.log. > >>> Also after restart try to issue command "ps aux | grep ossec", and > check, that ossec-maild process is running. > >>> > >>> сб, 4 июля 2015 г. в 19:13, theresa mic-snare <[email protected]>: > >>>> > >>>> i've also tried disabling iptables, but that didn't help either... > >>>> but then again i can send out emails with mailx just find, so i don't > think it's iptables blocking anyway... > >>>> > >>>> any ideas? > >>>> > >>>> > >>>> Am Samstag, 4. Juli 2015 16:41:47 UTC+2 schrieb theresa mic-snare: > >>>>> > >>>>> Hi Daniil, > >>>>> > >>>>> I've already done that. The maillog doesn't show the mail being > sent, but there isn't an error either. It seems that the ossec-maild isn't > even relaying it to the local smtp mta (ssmtp) because as said before I can > send out mails with mailx just fine. > >>>>> > >>>>> The ossec.log doesn't even mention the ossec-maild even though the > process is running... > >>>>> Hmm > >>>> > >>>> -- > >>>> > >>>> --- > >>>> You received this message because you are subscribed to the Google > Groups "ossec-list" group. > >>>> To unsubscribe from this group and stop receiving emails from it, > send an email to [email protected]. > >>>> For more options, visit https://groups.google.com/d/optout. > >>> > >>> -- > >>> > >>> -- > >>> С уважением, Светлов Даниил. > > > > -- > > > > --- > > You received this message because you are subscribed to the Google > Groups "ossec-list" group. > > To unsubscribe from this group and stop receiving emails from it, send > an email to [email protected] <javascript:>. > > For more options, visit https://groups.google.com/d/optout. > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
