How to troubleshoot "direct" email alerts? #25

Closed
7MinSec opened this issue Nov 19, 2016 · 3 comments

7MinSec commented Nov 19, 2016

Hi there,

I've got my canary up and running and used the readthedocs PDF to set up authenticated email alerts similar to your example:

[..] # Services configuration
"logger": {
    "class" : "PyLogger",
    "kwargs" : {
        "handlers": {
            "SMTP": {
                "class": "logging.handlers.SMTPHandler",
                "mailhost": ["authenticated.mail.server", 25],
                "fromaddr": "canary@yourdomain.com",
                "toaddrs" : ["youraddress@yourdomain.com"],
                "subject" : "OpenCanary Alert",
                "credentials" : ["myusername", "password1"]
            }
        }
    }
}

At this point, should connection attempts that get logged in /var/tmp/opencanary.log send alerts to me? The FTP/telnet/etc. attempts are definitely getting logged, but I wasn't understanding if I also needed Correlator to actually send the alerts, or if the alerts should be sending "direct" now?

Thanks,
Brian

thinkst (Collaborator) commented Nov 21, 2016

Hi Brian,

You've got it right: the OC daemon isn't intended to send the emails (or even alerts) directly. It logs events to the Correlator, which condenses multiple events into a single alert that it can send off. The default OC config file includes a directive to log to the Correlator, which will be able to send off an email.

https://github.com/thinkst/opencanary/blob/master/opencanary/data/settings.json#L57

7MinSec (Author) commented Nov 22, 2016

Ok thanks much, I can make email alerts work pretty well with inotify-tools so I think I'm good to go, just wanted to check on the "right" way to do this. Have a great day.

@thinkst thinkst closed this as completed Feb 15, 2017
kjacobsen (Contributor) commented Mar 5, 2017

Hi,

Just looking at OpenCanary, sorry to comment on a closed issue, but email alerts do seem to work from the OC daemon as @braimee was attempting to do.

"SMTP": {
    "class": "logging.handlers.SMTPHandler",
    "mailhost": ["smtp.sendgrid.net", 25],
    "fromaddr": "from@myemail.com",
    "toaddrs" : ["myemail@myemail.com"],
    "subject" : "OpenCanary Alert",
    "credentials" : ["username","password"]
}
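
An offline check of what an "SMTP" handler entry like the ones in this thread does on the wire, added here as an example and not part of the original thread or of OpenCanary's code: it builds Python's `logging.handlers.SMTPHandler` from the JSON entry, replaces `smtplib.SMTP` with a recorder, and lists the SMTP steps taken for one log record. It assumes OpenCanary passes the entry's keys to the handler class as keyword arguments; the host, addresses, and the `secure` key in the second run are constructed for the example (`secure` is a standard `SMTPHandler` parameter).

```python
import json
import logging.handlers
from unittest import mock

# Constructed handler entry shaped like the "SMTP" blocks in this thread.
SAMPLE = json.loads("""{
  "class": "logging.handlers.SMTPHandler",
  "mailhost": ["mail.example.invalid", 25],
  "fromaddr": "canary@example.invalid",
  "toaddrs": ["soc@example.invalid"],
  "subject": "OpenCanary Alert",
  "credentials": ["myusername", "password1"]
}""")


class RecordingSMTP:
    """Stand-in for smtplib.SMTP that records calls instead of connecting."""
    calls = []

    def __init__(self, host, port, timeout=None):
        RecordingSMTP.calls.append(f"connect {host}:{port}")

    def __getattr__(self, name):
        # ehlo, starttls, login, send_message and quit all land here.
        return lambda *a, **kw: RecordingSMTP.calls.append(name)


def smtp_steps(handler_cfg):
    """Return the SMTP steps the handler performs for one log record."""
    # Assumption: every key except "class" becomes a keyword argument.
    kwargs = {k: v for k, v in handler_cfg.items() if k != "class"}
    handler = logging.handlers.SMTPHandler(**kwargs)
    record = logging.makeLogRecord({"msg": "constructed test event"})
    RecordingSMTP.calls = []
    with mock.patch("smtplib.SMTP", RecordingSMTP):
        handler.emit(record)
    return list(RecordingSMTP.calls)


def check(handler_cfg):
    """Flag a handler that logs in without upgrading the connection first."""
    steps = smtp_steps(handler_cfg)
    if "login" in steps and "starttls" not in steps:
        return steps, "login without STARTTLS"
    return steps, "ok"


if __name__ == "__main__":
    print(check(SAMPLE), check({**SAMPLE, "secure": []}), sep="\n")
```

With `"credentials"` set and no `"secure"` key, the handler authenticates on the plain connection; adding `"secure": []` makes it issue STARTTLS before the login step.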
