Ossec-maild1223 Error Error Sending Email To 127.0.0.1 Smtp Server
ossec/ossec-hids: Email alerts not working ossec-maild(1223): error: error sending email on OSSEC 2.8.1 Ubuntu #558 (Closed)

finid opened this issue Mar 1, 2015 · 11 comments

finid commented Mar 1, 2015

I'm running a local installation of OSSEC on Ubuntu 14.04. I have SSMTP as the SMTP server and I can send test emails using ssmtp. I have the following email settings in ossec.conf.

yes 14test@gmail.com localhost 14test@gmail.com

But email alerts are not being sent. The lines in ossec.log are:

ossec-maild(1223): ERROR: Error Sending email to 127.0.0.1 (smtp server)

Is this a known issue or is it just my settings that are off?

ChristianBeer commented Mar 1, 2015

Please take a look at the ssmtp log file. It seems to me that it refuses to accept the mail. Perhaps the wrong HELO line. This is hardcoded in ossec <= 2.8.1 to notify.ossec.net

finid commented Mar 2, 2015

There's nothing in the system-wide mail error log, just those lines in ossec.log. Where is it hardcoded in OSSEC?

santiago-bassett commented Mar 2, 2015

It's here:

src/error_messages/error_messages.h:#define SNDMAIL_ERROR "%s(1223): ERROR: Error Sending email to %s (smtp server)"

And here you have where that variable is used:

santiago@Shark:~/Desktop/Github/ossec-hids$ grep -i -R SNDMAIL_ERROR *
src/error_messages/error_messages.h:#define SNDMAIL_ERROR "%s(1223): ERROR: Error Sending email to %s (smtp server)"
src/os_maild/maild.c: merror(SNDMAIL_ERROR, ARGV0, mail->smtpserver);
src/os_maild/maild.c: merror(SNDMAIL_ERROR, ARGV0, mail->smtpserver);
src/os_maild/maild.c: merror(SNDMAIL_ERROR, ARGV0, mail->smtpserver);
src/os_maild/maild.c: merror(SNDMAIL_ERROR, ARGV0, mail->smtpserver);

If I had to guess that doesn't look like a bug, but an issue with your SMTP server configuration. I would use tcpdump to see if there is traffic sent to the smtp server. I hope it helps, Santiago.

finid commented Mar 2, 2015

Thanks. I'll take a closer look at it.

jblaine commented Mar 12, 2015

Please come back and close this i
with the ossec-maild process. I'm relaying my emails through ssmtp, the configuration is valid because I'm able to send out mails to external addresses through mailx for instance. But for some reason OSSEC just won't send any emails out.

I have the following in my global ossec.conf

yes ***@gmail.com localhost ***@gmail.com

So by localhost or 127.0.0.1 it should use ssmtp to send out emails, right? Does the email_from field require to be a ***@realdomain? Or can this be a gmail address as well? So does it mean the ossecm user needs to send out these alerts?

Again tests to send out emails through ssmtp via mailx have been successful. so I doubt it's a ssmtp issue here.

Also what I find a little odd is that when i restart ossec through ossec-control all the services/processes should be restarted in a specific order, right? however when I look at the ossec.log in /var/ossec/logs/ossec.log the ossec-maild isn't mentioned at all.... the process itself runs though, when i do a ps -ef |grep ossec-maild

my question now: how can I get the email notification in ossec to work?!

thanks!

Daniil Svetlov 2015-07-04 09:00:32 UTC

Hello, Theresa!
First of all check spam folder in your gmail account. Probably gmail just in it mail from OSSEC, because they not look valid.
If you use SMTP server on localhost, check logs of MTA. It must be in /var/log/maillog.

Post by theresa mic-snare:
hi ossec'ers, my problem is I can't send out any emails/alert notifications with the ossec-maild process. I'm relaying my emails through ssmtp, the configuration is valid because I'm able to send out mails to external addresses through mailx for instance. But for some reason OSSEC just won't send any emails out. I have the following in my global ossec.conf yes localhost So by localhost or 127.0.0.1 it should use ssmtp to sen
notes to find out what has been updated in this release.

29 thoughts on “OSSEC 2.8 Released”

pisop says June 5, 2014 at 9:46 am
thanks

Marc Wickenden says June 5, 2014 at 10:57 am
The checksum links on the download page for 2.8 are broken. The correct link appears to be http://www.ossec.net/files/ossec-hids-2.8-checksum.txt. Note the hyphen between 8 and checksum instead of a dot.

vic says June 8, 2014 at 7:22 pm
I just fixed them. Sorry for the hassle.

J0hn says June 9, 2014 at 11:29 am
Nice, Windows eventchannel support.

Raymii says June 11, 2014 at 8:34 pm
Yay for a new release :). I've updated my tutorial to include 2.8: https://raymii.org/s/tutorials/OSSEC_2.8.0_Server_Client_and_Analogi_Dashboard_on_Ubuntu.html

Keith says June 12, 2014 at 2:35 am
After upgrading to OSSEC 2.8 from 2.7 I get the error: "Testing rules failed. Configuration error. Exiting." This is due to the rule bro-ids.xml being in the current installation rule set of my 2.7 install. They removed this in their code set apparently? So on upgrades remove the entry for bro-ids.xml from the /var/ossec/etc/ossec.conf configuration file and you won't have this issue. Thought I would post my finding here to save others the hassle of digging this up as the error can be reported as something else from Google searches.

Gabrewat says June 12, 2014 at 5:43 am
Keith, you said the file reference for "bro-ids.xml" in /var/ossec/etc/ossec.conf would be removed but I found the file reference is really "bro-ids_rules.xml" (at least in my preexisting 2.7 install). OSSEC 2.8 starts up fine after this change.

Bernard Lheureux says June 26, 2014 at 8:03 pm
Please, ignore my last post, the good one is this one!
Reinstalled ossec-release… # rpm -ivh -force ossec-release-1.0-2.el6.art.noarch.rpm Preparing… ########################################### [100%] 1:ossec-release ################