Difficulty Configuring OSSEC to Send Email Notifications Through GMail SMTP
 

Greetings:
I am attempt to set up OSSEC to send email notifications through Google's SMTP on my CentOS system. I have referenced the following tutorial: https://myopsblog.wordpress.com/2017...ts-from-gmail/

I have sSMTP package functioning. That is, I can send email to my Yahoo account through something such as follows:
However, OSSEC fails to send email alerts properly.

My ssmtp.conf file:

My ossec.conf file:

Any advice would be appreciated.Based upon the article referenced above, the OSSEC config should be simple, but I am having no success.
Thanks.

Why are you configuring ossec to use localhost? Do you have a mail server configured? As you've configured ssmtp, it's not a mail server but just a connector to gmail, as I understand it.

Can you configure ossec to use ssmtp? If not try configuring ossec to use gmail directly, as you've done for ssmtp.

Thanks for the response. I was configuring OSSEC to use localhost because, according to the article/tutorial I was following:
"Local postfix will redirect all delivery requests to gmail user set in SSMTP."
This may be incorrect, but I am not familar enough with either Postfix or sSMTP to say for certain one way or another.

Unfortunately, I do not see how I would configure OSSEC to use GMail directly, since I see no way to specify necessary options such as port, credentials, etc. According to my understanding of the OSSEC documentation, there are only a handful of options relevant to email - smtp_server, email_to, email_from, etc.

While I have some familiarity with e-mail protocols, I have never set-up a full SMTP server on a system. If my current sSMTP configuration is not capable of performing the task of forwarding OSSEC's request to GMail, is there some sSMTP configuration that can be performed, or must a different MTA package/utility be used?

Thanks.

That's probably correct, but, apparently, you are not running postfix, or any MTA (Mail Transport Agent) as sendmail, qmail, dovecot, etc.

Reading the how-to about OSSEC on digitalocean.com I find.

I actually do have Postfix installed and running; it was installed with the system. I just never touched any of the configuration files. I am guessing I have to configure Postfix itself; configuring the sSMTP package is not sufficient even though I can send email through the command line? Sorry, for the stupid question; I am a bit unclear on the relationship between Postfix and sSMTP. The article I was following explained how to configure sSMTP, but only referenced installing (not detailing the configuration of) Postfix.

Thanks.

If postfix is running, perhaps the only issue is that it's not "at" localhost. Try using 127.0.0.1 instead of localhost in your ossec configuration.

That was indeed the problem. Really not sure why OSSEC was not able to find the Postfix server at localhost, but it did with the IP. Thanks much!

Glad I could help.

What’s in /etc/hosts?