
[Ossec-list] ossec can't send e-mail



Hi Pedro,

I just confused your case with another one. Daniel warned me that the
<allowed-ips> directive is needed if you want to send syslog messages
to the server. So you don't need to have them in your config.

Please check the message Daniel has sent to the list.

Sorry for the inconvenience.

Regards,

Ahmet Ozturk.

Quoting Pedro Drimel Neto <pedrodrimel at gmail.com>:

> <allowed-ip> wasn't on the server with the IP of the agent, thanks, but
> ossec-agentd was not up on the server, as the ossec.log shows:
>
> 2006/04/05 17:25:14 ossec-remoted: Started (pid: 2069).
> 2006/04/05 17:25:14 ossec-remoted: Started (pid: 2070).
> 2006/04/05 17:25:17 ossec-remoted(1210): Queue '/queue/ossec/queue' not
> accessible.
> 2006/04/05 17:25:17 ossec-remoted(1211): Unable to access queue:
> '/queue/ossec/queue'. Giving up..
> 2006/04/05 17:25:18 ossec-remoted: Started (pid: 2075).
> 2006/04/05 17:25:18 ossec-remoted: Started (pid: 2076).
> 2006/04/05 17:25:21 ossec-remoted(1210): Queue '/queue/ossec/queue' not
> accessible.
> 2006/04/05 17:25:21 ossec-remoted(1211): Unable to access queue:
> '/queue/ossec/queue'. Giving up..
>
> What about this queue?
>
> Any idea?
>
> Thanks a lot.
>
> ----- Original Message -----
> From: "Ahmet Ozturk" <oahmet at metu.edu.tr>
> To: <ossec-list at ossec.net>
> Sent: Wednesday, April 05, 2006 5:07 PM
> Subject: Re: [Ossec-list] ossec can't send e-mail
>
>
>> Hi Pedro,
>>
>> Please be sure that you have <allowed-ips> entries in the global section
>> of your ossec.conf on the server to allow your clients to send messages.
>> I mean your ossec.conf should look like:
>>
>> <global>
>>  <email_notification>yes</email_notification>
>>  <email_to>root at queen.mydomain</email_to>
>>  <smtp_server>192.168.1.1</smtp_server>
>>  <email_from>ossect at queen</email_from>
>>  <allowed-ips>192.168.1.3/32</allowed-ips>
>>  <allowed-ips>192.168.1.5/32</allowed-ips>
>>  <allowed-ips>192.168.2.0/24</allowed-ips>
>> </global>
>> ....
>>
>> Please see the documentation: http://www.ossec.net/en/manual.html#config
>>
>> Hope this helps.
>>
>> Regards,
>>
>> Ahmet Ozturk.
>>
>> Quoting Pedro Drimel Neto <pedrodrimel at gmail.com>:
>>
>>> I'm having a problem with the agent too.
>>>
>>> The ossec.log of the agent says:
>>>
>>> 2006/04/05 18:45:02 ossec-agentd(1218): Unable to send message to server.
>>> 2006/04/05 18:45:04 ossec-agentd(1218): Unable to send message to server.
>>> 2006/04/05 18:45:04 ossec-agentd(1218): Unable to send message to server.
>>> 2006/04/05 18:45:05 ossec-agentd(1218): Unable to send message to server.
>>> 2006/04/05 18:45:07 ossec-agentd(1218): Unable to send message to server.
>>> 2006/04/05 18:45:08 ossec-agentd(1218): Unable to send message to server.
>>>
>>> There aren't any firewall rules on the agent and on the server, the ping
>>> gets a response and the clients.keys are right.
>>>
>>> Any idea?
>>>
>>> Thanks a lot.
>>>
>>>
>>> ----- Original Message -----
>>> From: "Ahmet Ozturk" <oahmet at metu.edu.tr>
>>> To: <ossec-list at ossec.net>
>>> Sent: Wednesday, April 05, 2006 4:32 PM
>>> Subject: Re: [Ossec-list] ossec can't send e-mail
>>>
>>>
>>>> Hi Nico,
>>>>
>>>> Your SMTP server probably performs a HELO check, I think. Ossec-HIDS sends
>>>> "notify.ossec.net" in its HELO to the SMTP server, and if the SMTP server
>>>> checks the hostname given by the HELO command, it will notice that the
>>>> machine trying to send e-mail is not actually "notify.ossec.net", and it
>>>> rejects the client for a bogus HELO. I've read something about "bogus_helo"
>>>> checks on Debian by searching Google.
>>>>
>>>> Also, some people mentioned that this problem occurred in an environment
>>>> where sendmail is behind a firewall. Does this fit your case?
>>>>
>>>> Btw, there should be some entries in your mail logs for these
>>>> unsuccessful attempts. Can you send us your sendmail.cf and
>>>> corresponding log entries?
>>>>
>>>> Regards,
>>>>
>>>> Ahmet Ozturk.
>>>>
>>>>
>>>> Quoting Nico De Ranter <nico at sonycom.com>:
>>>>
>>>>>
>>>>> Hi
>>>>>
>>>>> I'm trying out ossec-hids on Debian (sid). I've got 1 server and 2
>>>>> agents configured. However in the ossec.log file on the server I see a
>>>>> lot of messages like:
>>>>>
>>>>> 2006/04/05 15:58:30 os_sendmail(1703): Hello not accepted by server:220
>>>>> xxxxxxx.xxxxx.xxx ESMTP Sendmail 8.12.10/8.12.10; Wed, 5 Apr 2006
>>>>> 15:58:30 +0200 (MEST)
>>>>> 2006/04/05 15:58:30 ossec-maild(1223): Error Sending email to
>>>>> xx.xx.xx.xx (smtp server)
>>>>>
>>>>> I don't understand why I get this message. I can send e-mail from the
>>>>> command-line using mailx without problems. I tried doing a telnet to
>>>>> port 25 on the mail server and doing 'helo myserver.mydomain.com' and
>>>>> that was accepted also. Why can't ossec send e-mail?
>>>>>
>>>>> Nico
>>>>>
>>>>> --
>>>>> Nico De Ranter
>>>>> Senior System Administrator
>>>>> Sony Service Center (NSCE)
>>>>> The Corporate Village, Da Vincilaan 7-D1
>>>>> B-1935 Zaventem, Belgium
>>>>> Telephone: +32 (0)2 700 86 41 Fax: +32 (0)2 700 86 22
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> ossec-list mailing list
>>>>> ossec-list at ossec.net
>>>>> http://mailman.underlinux.com.br/mailman/listinfo/ossec-list
>>>>>
>
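The log excerpts quoted in this thread all share one line format, so they can be triaged mechanically. The following is an added example, not part of the original messages and not OSSEC project code: a short Python script that counts coded errors per daemon and flags a daemon that repeatedly starts and gives up, as ossec-remoted does in the excerpt above. The sample log is constructed from the quoted excerpts (wrapped lines rejoined), and the function names are hypothetical.

```python
import re
from collections import Counter, defaultdict

# Line format seen in the thread; "(code)" is absent on lines such as "Started".
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<daemon>[\w-]+)(?:\((?P<code>\d+)\))?: (?P<msg>.*)$"
)

# Sample input constructed from the excerpts quoted above (wrapped lines rejoined).
SAMPLE_LOG = """\
2006/04/05 17:25:14 ossec-remoted: Started (pid: 2069).
2006/04/05 17:25:17 ossec-remoted(1210): Queue '/queue/ossec/queue' not accessible.
2006/04/05 17:25:17 ossec-remoted(1211): Unable to access queue: '/queue/ossec/queue'. Giving up..
2006/04/05 17:25:18 ossec-remoted: Started (pid: 2075).
2006/04/05 17:25:21 ossec-remoted(1210): Queue '/queue/ossec/queue' not accessible.
2006/04/05 17:25:21 ossec-remoted(1211): Unable to access queue: '/queue/ossec/queue'. Giving up..
2006/04/05 18:45:02 ossec-agentd(1218): Unable to send message to server.
2006/04/05 18:45:04 ossec-agentd(1218): Unable to send message to server.
this line is not in the expected format
"""

def parse(text):
    """Yield (timestamp, daemon, code-or-None, message) for well-formed lines."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m["ts"], m["daemon"], m["code"], m["msg"]

def summarize(text):
    """Count coded errors per (daemon, code) and find start/give-up loops."""
    errors, cycles, started = Counter(), defaultdict(int), set()
    for _ts, daemon, code, msg in parse(text):
        if code is None and msg.startswith("Started"):
            started.add(daemon)
        elif code is not None:
            errors[(daemon, code)] += 1
            if "Giving up" in msg and daemon in started:
                cycles[daemon] += 1      # one full start -> give-up cycle
                started.discard(daemon)
    # A daemon that started and gave up more than once is in a restart loop.
    loops = sorted(d for d, n in cycles.items() if n > 1)
    return errors, loops

if __name__ == "__main__":
    errors, loops = summarize(SAMPLE_LOG)
    for (daemon, code), n in sorted(errors.items()):
        print(f"{daemon} error {code}: {n} occurrence(s)")
    print("restart loop:", ", ".join(loops) or "none")
```
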




OSSEC project: www.ossec.net.
Mailing list information: http://www.ossec.net/en/mailing_lists.html.