ossec maild stopped working after OS patch install

[holly1954]

Ossec version 2.9.3-1

OS CentOS 7.5.1804

After latest round of patches maild no longer mailing alerts

Debug shows
2018/06/14 08:15:14 ossec-maild: DEBUG: Starting ...
2018/06/14 08:15:14 ossec-maild: INFO: Chrooted to directory: /var/ossec

Then nothing

I can email as ossecm directly

No output via tcpdump for email

Not sure how to move forward troubleshooting since logging doesn’t have any failures

[ddpbsd]

You could add more logging to ossec-maild. I'm not using the 2.9 branch, so I'm not sure what else to do there.

[holly1954]

How do I add more logging. I already did the enable debug but that ga e no additonal detail. From: Dan Parriott <notifications@github.com<mailto:notifications@github.com>> Date: Friday, Jul 06, 2018, 8:57 AM To: ossec/ossec-hids <ossec-hids@noreply.github.com<mailto:ossec-hids@noreply.github.com>> Cc: Lund, Holly (CONTR) <holly.lund@hq.doe.gov<mailto:holly.lund@hq.doe.gov>>, Author <author@noreply.github.com<mailto:author@noreply.github.com>> Subject: Re: [ossec/ossec-hids] ossec maild stopped working after OS patch install (#1436) You could add more logging to ossec-maild. I'm not using the 2.9 branch, so I'm not sure what else to do there. — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub<#1436 (comment)>, or mute the thread<https://github.com/notifications/unsubscribe-auth/AkSKbelPwy4rwbms7QV5WCvKMldxaNR8ks5uD16_gaJpZM4Upe3y>.

[ddpbsd]

Go through the source code to see where it could possibly be failing and add some debugging there. Then recompile and start it up.

[ddpbsd]

I guess something else to check on is make sure events are being written to alerts.log. maild is supposed to read that file and send messages based on the alerts there.

[holly1954]

There are lots of alerts there From: Dan Parriott <notifications@github.com<mailto:notifications@github.com>> Date: Friday, Jul 06, 2018, 12:26 PM To: ossec/ossec-hids <ossec-hids@noreply.github.com<mailto:ossec-hids@noreply.github.com>> Cc: Lund, Holly (CONTR) <holly.lund@hq.doe.gov<mailto:holly.lund@hq.doe.gov>>, Author <author@noreply.github.com<mailto:author@noreply.github.com>> Subject: Re: [ossec/ossec-hids] ossec maild stopped working after OS patch install (#1436) I guess something else to check on is make sure events are being written to alerts.log. maild is supposed to read that file and send messages based on the alerts there. — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub<#1436 (comment)>, or mute the thread<https://github.com/notifications/unsubscribe-auth/AkSKbeD65ynrbrO49A0KEUZEm6uOvfq-ks5uD4-8gaJpZM4Upe3y>.