i'm stuck on my OSSEC configuration. my server makes use of exim4 for sending email. that works fine. i have OSSEC with pretty much all of the defaults. i have my email configuration in the ossec.conf file similar to:
<global>
<email_notification>yes</email_notification>
<email_to>[email protected]</email_to>
<smtp_server>127.0.0.1</smtp_server>
<email_from>[email protected]</email_from>
</global>
I have tried various smtp_servers to no avail.
Ideally i would like to see anything put into the OSSEC log files, but that is not happening. my exim4 log looks fine (although its clear that there is no attempt there to email based on my ossec config), the ossec-maild is running...
I have tried restarting OSSEC numerous times, and i still can not get the system to send me an email on startup or at any other time.
i would continually receive the following error:
ossec-maild(1223): ERROR: Error Sending email to 127.0.0.1 (smtp server)when i would attempt to mail something from the command line, exim4 would work fine.
however, it seems that the exim4.service was loaded, but not active. running:
/etc/init.d/exim4 startstarted the service and everything started working.
with regards to not logging the ossec-maild into the OSSEC logs, i am still working on that.