[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Ossec-list] ossec can't send e-mail
- Subject: [Ossec-list] ossec can't send e-mail
- From: pedrodrimel at gmail.com (Pedro Drimel Neto)
- Date: Wed, 5 Apr 2006 17:27:56 -0300
<allowed-ip> wasn't on the server with the ip of agent, thanks but
ossec-agentd was not on serverup like show de ossec.log
2006/04/05 17:25:14 ossec-remoted: Started (pid: 2069).
2006/04/05 17:25:14 ossec-remoted: Started (pid: 2070).
2006/04/05 17:25:17 ossec-remoted(1210): Queue '/queue/ossec/queue' not
accessible.
2006/04/05 17:25:17 ossec-remoted(1211): Unable to access queue:
'/queue/ossec/queue'. Giving up..
2006/04/05 17:25:18 ossec-remoted: Started (pid: 2075).
2006/04/05 17:25:18 ossec-remoted: Started (pid: 2076).
2006/04/05 17:25:21 ossec-remoted(1210): Queue '/queue/ossec/queue' not
accessible.
2006/04/05 17:25:21 ossec-remoted(1211): Unable to access queue:
'/queue/ossec/queue'. Giving up..
What about this queue ?
Any idea ?
Thanks a lot.
----- Original Message -----
From: "Ahmet Ozturk" <oahmet at metu.edu.tr>
To: <ossec-list at ossec.net>
Sent: Wednesday, April 05, 2006 5:07 PM
Subject: Re: [Ossec-list] ossec can't send e-mail
> Hi Pedro,
>
> Please be sure that, you have <allowed-ips> entries in global section
> of your ossec.conf on server to allow your clients to send messages.
> I mean your ossec.conf should look like:
>
> <global>
> <email_notification>yes</email_notification>
> <email_to>root at queen.mydomain</email_to>
> <smtp_server>192.168.1.1</smtp_server>
> <email_from>ossect at queen</email_from>
> <allowed-ips>192.168.1.3/32</allowed-ips>
> <allowed-ips>192.168.1.5/32</allowed-ips>
> <allowed-ips>192.168.2.0/24</allowed-ips>
> </global>
> ....
>
> Please see the documentation: http://www.ossec.net/en/manual.html#config
>
> Hope this helps.
>
> Regards,
>
> Ahmet Ozturk.
>
> Alinti Pedro Drimel Neto <pedrodrimel at gmail.com>
>
>> I'm having problem with agent too
>>
>> In the ossec.log of agent says:
>>
>> 2006/04/05 18:45:02 ossec-agentd(1218): Unable to send message to server.
>> 2006/04/05 18:45:04 ossec-agentd(1218): Unable to send message to server.
>> 2006/04/05 18:45:04 ossec-agentd(1218): Unable to send message to server.
>> 2006/04/05 18:45:05 ossec-agentd(1218): Unable to send message to server.
>> 2006/04/05 18:45:07 ossec-agentd(1218): Unable to send message to server.
>> 2006/04/05 18:45:08 ossec-agentd(1218): Unable to send message to server.
>>
>> There isn't firewall rules on agent and on the server, the ping has a
>> response and the clients.keys are right..
>>
>> Any idea?
>>
>> Thanks a lot.
>>
>>
>> ----- Original Message -----
>> From: "Ahmet Ozturk" <oahmet at metu.edu.tr>
>> To: <ossec-list at ossec.net>
>> Sent: Wednesday, April 05, 2006 4:32 PM
>> Subject: Re: [Ossec-list] ossec can't send e-mail
>>
>>
>>> Hi Nico,
>>>
>>> Your SMTP server probably performs helo check I think. Ossec-HIDS sends
>>> "notify.ossec.net" to helo SMTP server, and if SMTP server checks the
>>> hostname given by helo command, it will notice that the machine trying
>>> to send e-mail is not actually the "notify.ossec.net", and it rejects
>>> the client for bogus helo. I've read something about "bogus_helo"
>>> checks on debian by searching google.
>>>
>>> Also some people mentioned that this problem occured in an environment
>>> that sendmail is behind a firewall. Does this fit your case?
>>>
>>> Btw, there should be some entries in you mail logs for these
>>> unsuccessful attempts. Can you send us your sendmail.cg and
>>> corresponding log entries?
>>>
>>> Regards,
>>>
>>> Ahmet Ozturk.
>>>
>>>
>>> Alinti Nico De Ranter <nico at sonycom.com>
>>>
>>>>
>>>> Hi
>>>>
>>>> I'm trying out ossec-hids on Debian (sid). I've got 1 server and 2
>>>> agents configured. However in the ossec.log file on the server I see a
>>>> lot of messages like:
>>>>
>>>> 2006/04/05 15:58:30 os_sendmail(1703): Hello not accepted by server:220
>>>> xxxxxxx.xxxxx.xxx ESMTP Sendmail 8.12.10/8.12.10; Wed, 5 Apr 2006
>>>> 15:58:30 +0200 (MEST)
>>>> 2006/04/05 15:58:30 ossec-maild(1223): Error Sending email to
>>>> xx.xx.xx.xx (smtp server)
>>>>
>>>> I don't understand why I get this message. I can send e-mail from the
>>>> command-line using mailx without problems. I tried doing a telnet to
>>>> port 25 on the mail server and doing 'helo myserver.mydomain.com' and
>>>> that was accepted also. Why can't ossec send e-mail?
>>>>
>>>> Nico
>>>>
>>>> --
>>>> Nico De Ranter
>>>> Senior System Administrator
>>>> Sony Service Center (NSCE)
>>>> The Corporate Village, Da Vincilaan 7-D1
>>>> B-1935 Zaventem, Belgium
>>>> Telephone: +32 (0)2 700 86 41 Fax: +32 (0)2 700 86 22
>>>>
>>>>
>>>> _______________________________________________
>>>> ossec-list mailing list
>>>> ossec-list at ossec.net
>>>> http://mailman.underlinux.com.br/mailman/listinfo/ossec-list
>>>>
>>>
>>>
>>>
>>
>>
>> --------------------------------------------------------------------------------
>>
>>
>>> _______________________________________________
>>> ossec-list mailing list
>>> ossec-list at ossec.net
>>> http://mailman.underlinux.com.br/mailman/listinfo/ossec-list
>>>
>>
>> _______________________________________________
>> ossec-list mailing list
>> ossec-list at ossec.net
>> http://mailman.underlinux.com.br/mailman/listinfo/ossec-list
>>
>
>
>
--------------------------------------------------------------------------------
> _______________________________________________
> ossec-list mailing list
> ossec-list at ossec.net
> http://mailman.underlinux.com.br/mailman/listinfo/ossec-list
>
OSSEC home |
Main Index |
Thread Index
OSSEC project: www.ossec.net.
Mailling list information: http://www.ossec.net/en/mailing_lists.html.