Re: [ossec-list] No email from one of three servers

2020-02-07 Thread dan (ddp)
On Fri, Feb 7, 2020 at 5:43 AM Schultheis Burkhard wrote:
>
> Now I found ipv6 was disabled and the file /etc/services was very old.
> Now these 2 configuration items are the same as on the other server
> which is able to send emails. But the "problem" server is still not
> sending ossec emails. In alerts.log I see the following 2 error messages:
> getaddrinfo: System error
> ERROR: Error Sending email to xxx. (smtp server)
>
> First I didn't look in alerts.log! ;-)
>
> What could be the reason for the getaddrinfo error? ipv6 is now enabled,
> /var/ossec/etc/resolv.conf is a copy of /etc/resolv.conf and
> /etc/services is the same as on the other server.
>

3.4 made some improvements for systems that disable ipv6.
https://github.com/ossec/ossec-hids/releases/tag/3.4.0

> Regards
> Burkhard
>
>
> On 28.01.2020 at 12:54, dan (ddp) wrote:
> > On Mon, Jan 27, 2020 at 1:47 AM Burkhard Schultheis
> >  wrote:
> >> We have 3 servers running OSSEC (standalone). One server runs CentOS 6,
> >> the two others openSUSE 15.1. The configuration of OSSEC is almost
> >> identical on all three servers (as close as possible).
> >>
> >> The CentOS server sends a lot of emails, one of the openSUSE servers few
> >> and the third server (openSUSE) no emails. But in the log I see issues
> >> that should lead to sending an email.
> >>
> >> The server is able to send emails to the configured server. I see no
> >> messages about errors sending emails. In /var/ossec/etc there is a copy
> >> of resolv.conf. OSSEC version is 3.3.0.
> >>
> >> What can I do?
> >>
> > Are they sending to the same smtp server?
> > If you have access to the mail server logs, you could check there.
> > Otherwise, you could use tcpdump to see if there are any issues.
> >
> >> Regards
> >> Burkhard
> >>
> >> --
> >>
> >> ---
> >> You received this message because you are subscribed to the Google Groups 
> >> "ossec-list" group.
> >> To unsubscribe from this group and stop receiving emails from it, send an 
> >> email to ossec-list+unsubscr...@googlegroups.com.
> >> To view this discussion on the web visit 
> >> https://groups.google.com/d/msgid/ossec-list/e09db76d-cd10-5399-8d05-255480e9fba5%40web.de.
>



Re: [ossec-list] No email from one of three servers

2020-02-07 Thread Schultheis Burkhard
Now I've put the IP address instead of the name for the smtp server. Now I 
get emails. But this is very mysterious to me! Before, I replaced the 
nameservers of the provider with the Google nameservers in 
/var/ossec/etc/resolv.conf. Without success.


Regards
Burkhard



Re: [ossec-list] No email from one of three servers

2020-02-07 Thread Schultheis Burkhard
Now I found ipv6 was disabled and the file /etc/services was very old. 
Now these 2 configuration items are the same as on the other server 
which is able to send emails. But the "problem" server is still not 
sending ossec emails. In alerts.log I see the following 2 error messages:

getaddrinfo: System error
ERROR: Error Sending email to xxx. (smtp server)

First I didn't look in alerts.log! ;-)

What could be the reason for the getaddrinfo error? ipv6 is now enabled, 
/var/ossec/etc/resolv.conf is a copy of /etc/resolv.conf and 
/etc/services is the same as on the other server.


Regards
Burkhard
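
Added example (not part of the original thread and not OSSEC code): on glibc, "System error" is the gai_strerror() text for EAI_SYSTEM, which means the real cause is in errno. This small probe resolves a host and service per address family and prints both; the function names, the hint strings and the default host 127.0.0.1 are this example's own assumptions.

```c
#include <errno.h>
#include <netdb.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Resolve host/service for one address family. Returns getaddrinfo()'s code
 * and stores errno in *sys_err when that code is EAI_SYSTEM (0 otherwise). */
int probe(const char *host, const char *service, int family, int *sys_err)
{
    struct addrinfo hints, *res = NULL;
    memset(&hints, 0, sizeof hints);
    hints.ai_family = family;
    hints.ai_socktype = SOCK_STREAM;
    errno = 0;
    int rc = getaddrinfo(host, service, &hints, &res);
    *sys_err = (rc == EAI_SYSTEM) ? errno : 0;
    if (rc == 0)
        freeaddrinfo(res);
    return rc;
}

/* Map a result code to where to look first (hint texts are this example's own). */
const char *where_to_look(int rc)
{
    switch (rc) {
    case 0:           return "resolved";
    case EAI_SYSTEM:  return "errno: resolver files/sockets";
    case EAI_SERVICE: return "service name: services file";
    case EAI_AGAIN:   return "nameserver unreachable: resolv.conf";
    case EAI_NONAME:  return "name unknown for this family";
    default:          return "other: see gai_strerror";
    }
}

int main(int argc, char **argv)
{
    const char *host = argc > 1 ? argv[1] : "127.0.0.1"; /* placeholder host */
    const char *svc = argc > 2 ? argv[2] : "25";         /* or a name such as "smtp" */
    int fams[] = { AF_UNSPEC, AF_INET, AF_INET6 };
    const char *names[] = { "AF_UNSPEC", "AF_INET", "AF_INET6" };
    for (int i = 0; i < 3; i++) {
        int e, rc = probe(host, svc, fams[i], &e);
        printf("%-9s rc=%d (%s)%s%s -> %s\n", names[i], rc,
               rc ? gai_strerror(rc) : "ok", e ? " errno: " : "",
               e ? strerror(e) : "", where_to_look(rc));
    }
    return 0;
}
```

Run it with the SMTP server name and then with its IP address: a numeric address and numeric port need neither DNS nor a services file, so a difference between the two runs points at name or service lookup.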

