mikeshinn wrote:Lets see if OSSEC is restarting for expected reasons (rule updates), or if its having some problem that caused it to stop running. Do you see any errors in this log file:
grep ERROR /var/ossec/logs/ossec.log | egrep -iv "diff|queue"
The only error showing up is relating to mail. I checked the settings and I don't see a way to set any email server configurations so..is there a way around this error..??
output:
2018/07/06 10:00:17 ossec-maild: ERROR: (1765): RCPT TO not accepted by server - '
jbm@esonicspider.com'.
2018/07/06 10:00:17 ossec-maild: ERROR: (1223): Error Sending email to 207.137.0.3 (smtp server)
2018/07/06 11:01:10 ossec-maild: ERROR: (1765): RCPT TO not accepted by server - '
jbm@esonicspider.com'.
2018/07/06 11:01:10 ossec-maild: ERROR: (1223): Error Sending email to 207.137.0.3 (smtp server)
2018/07/06 12:01:19 ossec-maild: ERROR: (1765): RCPT TO not accepted by server - '
jbm@esonicspider.com'.
2018/07/06 12:01:19 ossec-maild: ERROR: (1223): Error Sending email to 207.137.0.3 (smtp server)
2018/07/06 13:00:17 ossec-maild: ERROR: (1765): RCPT TO not accepted by server - '
jbm@esonicspider.com'.
2018/07/06 13:00:17 ossec-maild: ERROR: (1223): Error Sending email to 207.137.0.3 (smtp server)
2018/07/06 14:01:16 ossec-maild: ERROR: (1765): RCPT TO not accepted by server - '
jbm@esonicspider.com'.
2018/07/06 14:01:16 ossec-maild: ERROR: (1223): Error Sending email to 207.137.0.3 (smtp server)