
[Ossec-list] ossec can't send e-mail



Hey Pedro,

This may be three things:

1-The server is not running. Go to your server and make sure that
it is running (especially ossec-remoted must be up). Show us
the output of "ps auwx |grep ossec" and "netstat -uanep". Also
make sure that if you added the agent AFTER starting the server,
you need to restart it (at least restart ossec-remoted).

2-The agent has the wrong config. Look at /var/ossec/etc/ossec.conf
and make sure the server IP is correct. Try running a netcat (udp) against
the server IP on the port 1514 . You should be able to access it (you can
also nmap the server to see if the port is open).

3-Something is blocking the connections in the middle. The same check
you did above is valid here...

If none of this helps, show us your config files and the output of the commands
above.

Thanks,

--
Daniel B. Cid
dcid @ ( at ) ossec.net
http://www.ossec.net


On 4/5/06, Pedro Drimel Neto <pedrodrimel at gmail.com> wrote:
> I'm having a problem with the agent too
>
> The agent's ossec.log says:
>
> 2006/04/05 18:45:02 ossec-agentd(1218): Unable to send message to server.
> 2006/04/05 18:45:04 ossec-agentd(1218): Unable to send message to server.
> 2006/04/05 18:45:04 ossec-agentd(1218): Unable to send message to server.
> 2006/04/05 18:45:05 ossec-agentd(1218): Unable to send message to server.
> 2006/04/05 18:45:07 ossec-agentd(1218): Unable to send message to server.
> 2006/04/05 18:45:08 ossec-agentd(1218): Unable to send message to server.
>
> There aren't firewall rules on the agent or on the server, the ping gets a
> response and the clients.keys are right.
>
> Any idea?
>
> Thanks a lot.
>
>
> ----- Original Message -----
> From: "Ahmet Ozturk" <oahmet at metu.edu.tr>
> To: <ossec-list at ossec.net>
> Sent: Wednesday, April 05, 2006 4:32 PM
> Subject: Re: [Ossec-list] ossec can't send e-mail
>
>
> > Hi Nico,
> >
> > Your SMTP server probably performs a helo check, I think. Ossec-HIDS sends
> > "notify.ossec.net" as its helo to the SMTP server, and if the SMTP server
> > checks the hostname given by the helo command, it will notice that the
> > machine trying to send e-mail is not actually "notify.ossec.net", and it
> > rejects the client for bogus helo. I've read something about "bogus_helo"
> > checks on debian by searching google.
> >
> > Also some people mentioned that this problem occurred in an environment
> > where sendmail is behind a firewall. Does this fit your case?
> >
> > Btw, there should be some entries in your mail logs for these
> > unsuccessful attempts. Can you send us your sendmail.cf and
> > corresponding log entries?
> >
> > Regards,
> >
> > Ahmet Ozturk.
> >
> >
> > Quoting Nico De Ranter <nico at sonycom.com>
> >
> >>
> >> Hi
> >>
> >> I'm trying out ossec-hids on Debian (sid). I've got 1 server and 2
> >> agents configured. However in the ossec.log file on the server I see a
> >> lot of messages like:
> >>
> >> 2006/04/05 15:58:30 os_sendmail(1703): Hello not accepted by server:220
> >> xxxxxxx.xxxxx.xxx ESMTP Sendmail 8.12.10/8.12.10; Wed, 5 Apr 2006
> >> 15:58:30 +0200 (MEST)
> >> 2006/04/05 15:58:30 ossec-maild(1223): Error Sending email to
> >> xx.xx.xx.xx (smtp server)
> >>
> >> I don't understand why I get this message. I can send e-mail from the
> >> command-line using mailx without problems. I tried doing a telnet to
> >> port 25 on the mail server and doing 'helo myserver.mydomain.com' and
> >> that was accepted also. Why can't ossec send e-mail?
> >>
> >> Nico
> >>
> >> --
> >> Nico De Ranter
> >> Senior System Administrator
> >> Sony Service Center (NSCE)
> >> The Corporate Village, Da Vincilaan 7-D1
> >> B-1935 Zaventem, Belgium
> >> Telephone: +32 (0)2 700 86 41 Fax: +32 (0)2 700 86 22
> >>
> >>
> >> _______________________________________________
> >> ossec-list mailing list
> >> ossec-list at ossec.net
> >> http://mailman.underlinux.com.br/mailman/listinfo/ossec-list
> >>
>
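
Added example, not part of the original thread and not OSSEC code: a Python probe for the UDP check in point 2 of the reply above. It shows that only an ICMP port-unreachable answer is conclusive, while silence can mean either a listener or a drop in between, which is why the server-side "netstat -uanep" output is still needed. The name probe_udp, the payload and the timeout are assumptions, as is that the server sends nothing back for an unauthenticated datagram.

```python
import socket

OSSEC_PORT = 1514  # agent-to-server UDP port named in the reply above


def probe_udp(host, port=OSSEC_PORT, timeout=2.0):
    """Send one datagram and classify what comes back.

    'closed'        - ICMP port unreachable: the host is reachable but
                      nothing is bound to the port (point 1 of the reply)
    'open|filtered' - silence: a listener took the datagram, or something
                      dropped it on the way (points 2 and 3 stay open)
    'reply'         - the peer answered
    'unreachable'   - no route, or host/network unreachable
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            # connect() on UDP sends nothing; it fixes the peer so the
            # kernel reports ICMP errors for this socket as exceptions.
            sock.connect((host, port))
            sock.send(b"\n")  # constructed payload, not an OSSEC message
            sock.recv(512)
            return "reply"
        except ConnectionRefusedError:
            return "closed"
        except socket.timeout:
            return "open|filtered"
        except OSError:
            return "unreachable"


if __name__ == "__main__":
    import sys
    # Assumption: the server IP from the agent's ossec.conf is passed as argv[1].
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    print(target, OSSEC_PORT, probe_udp(target))
```

A "closed" result from the agent host points at the server side (ossec-remoted not listening); "open|filtered" has to be paired with the server's own listener list before a firewall in the middle can be ruled in or out.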

