
[ossec-list] Re: New to ossec




Ok, I'm a rock.  I figured out what the issue was.  When I reinstalled this morning, it self-discovered the mail server. The problem with that mail server is that it doesn't allow relaying, so that's why I didn't get the messages; once it changed to that mail server, it stopped.  I looked at the logs and saw mail delivery errors and figured it out from there.  Thanks. Sorry for the error.

P.S.

Great tool - Really nice job.

Tommy Gast
NCI Security
312-583-3619



From: "Daniel Cid" <daniel.cid@xxxxxxxxx>
Sent by: ossec-list@xxxxxxxxxxxxxxxx
Date: 07/06/2006 02:01 PM
Please respond to: ossec-list@xxxxxxxxxxxxxxxx
To: ossec-list@xxxxxxxxxxxxxxxx, Bubbacheese <tommygast@xxxxxxxxx>
Subject: [ossec-list] Re: New to ossec

Did you restart ossec after adding the log entry for snort? Can you show
us the output of:

cat /var/ossec/etc/ossec.conf
cat /var/ossec/logs/ossec.log

In addition to that, do you see the alerts showing up in the
/var/ossec/logs/alerts directory, or do they fail to show up only in
the e-mail alerts?

Thanks,

--
Daniel B. Cid
dcid ( at ) ossec.net


On 7/6/06, Bubbacheese <tommygast@xxxxxxxxx> wrote:
>
> I've just downloaded and played around with OSSEC (Which is Great) and
> I'm trying to get my snort alerts sent to me via email.  But it doesn't
> seem to be working.  This is what I've added to the ossec.conf file.
>
>   <localfile>
>     <log_format>snort-full</log_format>
>     <location>/var/log/snort/alert</location>
>   </localfile>
>
> and this is the snort command line I use.
>
> snort -c /etc/snort/snort.conf -A full -D
>
> Snort is generating alerts, but I'm just not getting OSSEC to send this
> to me.  Thanks for the help.  Oh yea, ver is the latest from yesterday.
>
>
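
The triage this thread walks through (is the Snort alert file configured, are alerts being written under /var/ossec/logs/alerts, does ossec.log show mail delivery errors), as an added example that is not part of the original messages or OSSEC's own code. The sample config, log lines, host names and the `triage` helper are constructed assumptions; real log wording varies by version.

```python
import xml.etree.ElementTree as ET

# Constructed sample inputs (not from the thread); log wording varies by version.
SAMPLE_CONF = """<ossec_config>
  <global>
    <email_notification>yes</email_notification>
    <email_to>admin@example.org</email_to>
    <smtp_server>mail.example.org</smtp_server>
    <email_from>ossec@example.org</email_from>
  </global>
  <localfile>
    <log_format>snort-full</log_format>
    <location>/var/log/snort/alert</location>
  </localfile>
</ossec_config>
"""
SAMPLE_OSSEC_LOG = (
    "2006/07/06 13:40:11 ossec-logcollector: INFO: Analyzing file: '/var/log/snort/alert'.\n"
    "2006/07/06 13:52:30 ossec-maild: ERROR: Error sending email to mail.example.org (smtp server)\n"
)
SAMPLE_ALERTS = "** Alert 1152211949.1024: mail\n2006 Jul 06 13:52:29 /var/log/snort/alert\n"


def triage(conf_text, ossec_log, alerts_log, snort_path="/var/log/snort/alert"):
    """Locate the stage where Snort alerts stop: config, analysis, or mail."""
    # Wrap in a dummy root so a file with several <ossec_config> blocks parses.
    root = ET.fromstring("<root>" + conf_text + "</root>")
    monitored = any(
        (lf.findtext("location") or "").strip() == snort_path
        and (lf.findtext("log_format") or "").strip() == "snort-full"
        for lf in root.iter("localfile")
    )
    smtp = (root.findtext(".//global/smtp_server") or "").strip()
    mail_errors = [ln for ln in ossec_log.splitlines()
                   if "ossec-maild" in ln and "ERROR" in ln]
    alerts_written = any(ln.startswith("** Alert") for ln in alerts_log.splitlines())
    if not monitored:
        verdict = "snort_file_not_configured"
    elif not alerts_written:
        verdict = "no_alerts_generated"    # check restart, rules, log format
    elif mail_errors:
        verdict = "mail_delivery_failing"  # e.g. smtp_server refuses relaying
    else:
        verdict = "ok"
    return {"verdict": verdict, "smtp_server": smtp, "mail_errors": mail_errors}


if __name__ == "__main__":
    print(triage(SAMPLE_CONF, SAMPLE_OSSEC_LOG, SAMPLE_ALERTS))
```

A `mail_delivery_failing` verdict with alerts present on disk matches the situation resolved above: detection works and only the configured `smtp_server` needs attention.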



