[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[ossec-list] Re: No SMTP
- To: ossec-list@xxxxxxxxxxxxxxxx
- Subject: [ossec-list] Re: No SMTP
- From: "Fletch Hasues" <hasues@xxxxxxxxx>
- Date: Thu, 26 Jul 2007 09:43:16 -0400
- Dkim-signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:references; b=EfwkOVl2M5H76krVA0fhFX/pybBkIFs2AE9GGIb8zADNfk/EWYTL0i2kR2dNPbScnZo02wmhXxqhBmmB/Eru4WtXwAikGPV3iB3MWJQQzQGZ7SXWC+G65Y+w4rUlTLGrCWZ0hutTS2wLMwEyJpbne3VCPJb1pJuXqB8rpI0OehI=
Unless OSSEC support something other than SMTP, then I don't know what to tell you. You could run a mini SMTP server that only accepts connections on 127.0.0.1 perhaps? That would allow only local users to send mail to the local system and outbound, but you could custom config the rulesets to not allow outbound. Other than that, if you aren't going to use a local mailer, why don't you simply write a script to parse the ossec log file, and pick your transport of choice to send it to, whether it be local mail, storing a text file, etc. Or, if you did this at a regular interval, you could do a log rotate on the file every day/night/interval of choice, and you would have a similar solution.
Haz
On 7/26/07, jrhipkiss@xxxxxxxxxxxxxx <jrhipkiss@xxxxxxxxxxxxxx
> wrote:
Can no one help me? I don't want to run an SMTP server on this
machine as it adds another security weakness for no reason.
On Jul 23, 8:47 pm, jrhipk...@xxxxxxxxxxxxxx wrote:
> Hi all,
>
> Sorry if this is a stupid question but I've got OSSEC working and I'm
> getting alerts to ...ossec/log/alerts however I have no smtp server
> running on my server I just use the internal unix mailbox for all my
> mail.
>
> How can I get ossec to send to that?
>
> Thanks
>
> Jonathan
OSSEC home |
Main Index |
Thread Index
OSSEC project: www.ossec.net.
Mailling list information: http://www.ossec.net/en/mailing_lists.html.