Following the manual, I configured ossec.conf directly as follows:
<global>
<email_notification>yes</email_notification>
<email_to>jack.23783@gmail.com</email_to>
<smtp_server>smtp.gmail.com</smtp_server>
<email_from>ossec@jack-ubuntu-desktop</email_from>
</global>
<alerts>
<log_alert_level>1</log_alert_level>
<email_alert_level>1</email_alert_level>
</alerts>
But Gmail did not receive any alert emails.
Following josay's method, I sent the alerts by email to the local root user instead: http://blog.csdn.net/jo_say/article/details/6049111
<email_to>root@localhost</email_to>
<smtp_server>127.0.0.1</smtp_server>
Then I set up the Gmail address as an alias for root:
vi /etc/aliases
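and added this entry at the end: root: jack.23783@gmail.com
This works without any problem.
But why doesn't the direct approach work? Checking with nslookup, the path to smtp.gmail.com is fine!
I emailed the ossec-list to ask, and Daniel told me: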
To send the emails to a gmail address you have to use one of the MX
hosts from gmail.com:
$ host -t MX gmail.com
gmail.com mail is handled by 20 alt2.gmail-smtp-in.l.google.com.
gmail.com mail is handled by 30 alt3.gmail-smtp-in.l.google.com.
gmail.com mail is handled by 40 alt4.gmail-smtp-in.l.google.com.
gmail.com mail is handled by 5 gmail-smtp-in.l.google.com.
gmail.com mail is handled by 10 alt1.gmail-smtp-in.l.google.com.
Change the smtp server to gmail-smtp-in.l.google.com and it should work.
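The command "host -t MX gmail.com" is a DNS lookup: host resolves a host name to an Internet address, and -t MX sets the query type to mail exchanger, so it lists the mail servers for gmail.com.
After changing the SMTP server accordingly, everything works!
The whole world started alerting...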
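An added example, not part of the original post and not OSSEC's own code: a shell check that takes the "host -t MX" answer quoted above and reports whether the smtp_server in an ossec.conf fragment is one of the MX hosts for the email_to domain. The function names (mx_hosts, conf_value, check_smtp) and the inlined sample variables are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample input: the MX answer and the two smtp_server values from the post.
MX_SAMPLE='gmail.com mail is handled by 20 alt2.gmail-smtp-in.l.google.com.
gmail.com mail is handled by 30 alt3.gmail-smtp-in.l.google.com.
gmail.com mail is handled by 40 alt4.gmail-smtp-in.l.google.com.
gmail.com mail is handled by 5 gmail-smtp-in.l.google.com.
gmail.com mail is handled by 10 alt1.gmail-smtp-in.l.google.com.'
CONF_BEFORE='<global>
<email_to>jack.23783@gmail.com</email_to>
<smtp_server>smtp.gmail.com</smtp_server>
</global>'
CONF_AFTER='<global>
<email_to>jack.23783@gmail.com</email_to>
<smtp_server>gmail-smtp-in.l.google.com</smtp_server>
</global>'

# stdin: `host -t MX` output. stdout: MX hosts, lowest preference value
# first, with the trailing dot of the FQDN stripped.
mx_hosts() {
    awk '/mail is handled by/ { h = $NF; sub(/\.$/, "", h); print $(NF-1), h }' |
        sort -n | awk '{ print $2 }'
}

# stdin: ossec.conf text. stdout: content of the first <$1> element.
conf_value() {
    sed -n "s:.*<$1>\(.*\)</$1>.*:\1:p" | head -n 1
}

# check_smtp CONF_TEXT MX_OUTPUT
# Returns 0 when <smtp_server> is one of the MX hosts; otherwise prints the
# preferred MX host to use instead and returns 1.
check_smtp() {
    server=$(printf '%s\n' "$1" | conf_value smtp_server)
    domain=$(printf '%s\n' "$1" | conf_value email_to | sed 's/.*@//')
    best=$(printf '%s\n' "$2" | mx_hosts | head -n 1)
    if printf '%s\n' "$2" | mx_hosts | grep -qixF -e "$server"; then
        echo "ok: $server is an MX host for $domain"
    else
        echo "mismatch: $server is not an MX host for $domain, use $best"
        return 1
    fi
}

check_smtp "$CONF_BEFORE" "$MX_SAMPLE" || true
check_smtp "$CONF_AFTER" "$MX_SAMPLE"
# Live use: check_smtp "$(cat ossec.conf)" "$(host -t MX gmail.com)"
```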