Following the manual, I configured ossec.conf directly as follows:
<global>
<email_notification>yes</email_notification>
<email_to>[email protected]</email_to>
<smtp_server>smtp.gmail.com</smtp_server>
<email_from>ossec@jack-ubuntu-desktop</email_from>
</global>
<alerts>
<log_alert_level>1</log_alert_level>
<email_alert_level>1</email_alert_level>
</alerts>
But Gmail never received any alert emails.
Following josay's method, I had the alerts mailed to the local root instead (http://blog.csdn.net/jo_say/article/details/6049111):
<email_to>root@localhost</email_to>
<smtp_server>127.0.0.1</smtp_server>
Then set the Gmail address as an alias for root:
vi /etc/aliases
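and append the entry root: jack.23783@gmail.com at the end.
This works without problems.
But why doesn't the direct approach work? Checking with nslookup, the path to smtp.gmail.com is fine!
I emailed the ossec-list to ask, and Daniel told me: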
To send the emails to a gmail address you have to use one of the MX
hosts from gmail.com:
$ host -t MX gmail.com
gmail.com mail is handled by 20 alt2.gmail-smtp-in.l.google.com.
gmail.com mail is handled by 30 alt3.gmail-smtp-in.l.google.com.
gmail.com mail is handled by 40 alt4.gmail-smtp-in.l.google.com.
gmail.com mail is handled by 5 gmail-smtp-in.l.google.com.
gmail.com mail is handled by 10 alt1.gmail-smtp-in.l.google.com.
Change the smtp server to gmail-smtp-in.l.google.com and it should work.
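The command "host -t MX gmail.com" resolves a host name to internet addresses; -t MX sets the query type to mail exchanger, so it lists the mail servers that accept mail for gmail.com.
After changing the smtp server accordingly, everything works!
The whole world started to alert...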
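
The fix Daniel describes, as an added example that is not part of the original post: a shell helper that picks the lowest-preference MX host from `host -t MX` output and prints the matching `<smtp_server>` line for ossec.conf. The function names, the MX_OUTPUT variable and the address alerts@gmail.com are assumptions of this example; the sample lookup output is the one quoted in the post.

```shell
#!/bin/sh
# Added example (not from the original post): choose the smtp_server value
# for ossec.conf from the MX records of the recipient's domain.

# Sample lookup output, copied from the post so the example runs offline.
SAMPLE_MX='gmail.com mail is handled by 20 alt2.gmail-smtp-in.l.google.com.
gmail.com mail is handled by 30 alt3.gmail-smtp-in.l.google.com.
gmail.com mail is handled by 40 alt4.gmail-smtp-in.l.google.com.
gmail.com mail is handled by 5 gmail-smtp-in.l.google.com.
gmail.com mail is handled by 10 alt1.gmail-smtp-in.l.google.com.'

# best_mx (hypothetical helper): reads `host -t MX` output on stdin and prints
# the host with the lowest preference number, minus the trailing dot.
# Exits non-zero when the input contains no MX line.
best_mx() {
    awk '$2 == "mail" && $5 == "by" && $6 ~ /^[0-9]+$/ {
             if (best == "" || $6 + 0 < pref) { pref = $6 + 0; best = $7 }
         }
         END { if (best == "") exit 1; sub(/\.$/, "", best); print best }'
}

# smtp_server_for (hypothetical helper): prints the <smtp_server> line for an
# address. MX_OUTPUT (assumed variable) supplies lookup output for offline
# use; when it is empty the function queries DNS with host(1).
smtp_server_for() {
    case $1 in
        *@?*) domain=${1##*@} ;;
        *) echo "not an email address: $1" >&2; return 2 ;;
    esac
    if [ -n "${MX_OUTPUT:-}" ]; then
        out=$MX_OUTPUT
    else
        out=$(host -t MX "$domain") || return 1
    fi
    mx=$(printf '%s\n' "$out" | best_mx) || {
        echo "no MX record for $domain" >&2
        return 1
    }
    printf '<smtp_server>%s</smtp_server>\n' "$mx"
}

# Demo with the sample data; alerts@gmail.com is a placeholder address.
(MX_OUTPUT=$SAMPLE_MX; smtp_server_for alerts@gmail.com)
```

Unset MX_OUTPUT to have the helper query DNS for the real domain of the address in `<email_to>`.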