I have just installed OSSEC accordingly as the server. When it asked for my email I put in my Gmail address, and for the SMTP I was not sure, so I just set it as localhost first. Then it runs a number of commands accordingly. Finally it states this:

In order to connect agent and server, you need to add each agent to the server.
   Run the 'manage_agents' to add or remove them:

   /var/ossec/bin/manage_agents

Another thing I did was this: /var/ossec/bin/ossec-control start

Starting OSSEC HIDS v2.6 (by Trend Micro Inc.)...
OSSEC analysisd: Testing rules failed. Configuration error. Exiting.
Started ossec-maild...
Started ossec-execd...
Started ossec-analysisd...
Started ossec-logcollector...
Started ossec-remoted...
Started ossec-syscheckd...

Part of the config file:

  <global>
    <email_notification>yes</email_notification>
    <email_to>*****@gmail.com</email_to>
    <smtp_server>localhost</smtp_server>
    <email_from>ossecm@localhost.localdomain</email_from>
  </global>

Started ossec-monitord...
Completed.

So what error is it telling me about the configuration?

slm
new14

1 Answer

You made a mistake in your configuration, probably in the way you entered your SMTP server or email address. Check your config here: /var/ossec/etc/ossec.conf (add it to your question). It should look somewhat like this:

 <smtp_server>localhost</smtp_server>
 <email_to>example@example.com</email_to>

The first rule is to tell you that you can add agents (other servers running OSSEC reporting to this central server). This means you probably installed OSSEC as server. If this is your only machine you are better off installing as standalone. I posted a guide on my blog for OSSEC which explains some of the basics.

Lucas Kauffman
  • I have added part of the ossec.conf file to my question. Yes, when it asked me to install as server, manager or agent I installed as server, so what is wrong here? How can I undo this now? – new14 Dec 30 '12 at 10:49
  • I did this: ln -s /var/ossec/bin/ossec-logtest /var/ossec/ossec-logtest and the error is gone. So how do I verify that everything is working? I also did this: /var/ossec/bin/ossec-control enable agentless. Is this correct? – new14 Dec 31 '12 at 04:56
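
The start-up output in the question contains both a failure line for analysisd and a "Started ossec-analysisd..." line, so an error is easy to miss among the "Started" lines. The script below is an added example, not part of the original posts or of OSSEC: it pairs each error line with the daemon it names, assuming that "OSSEC <name>:" refers to the daemon "ossec-<name>", and its sample transcript is constructed from the lines quoted in the question.

```shell
#!/bin/sh
# Added example: triage saved `ossec-control start` output.
# Constructed sample, built from the start-up lines quoted in the question.
SAMPLE_OUTPUT='Starting OSSEC HIDS v2.6 (by Trend Micro Inc.)...
OSSEC analysisd: Testing rules failed. Configuration error. Exiting.
Started ossec-maild...
Started ossec-execd...
Started ossec-analysisd...
Started ossec-logcollector...
Started ossec-remoted...
Started ossec-syscheckd...
Started ossec-monitord...
Completed.'

# Reads a start-up transcript on stdin and prints one line per daemon:
#   "<daemon> FAILED: <message>"  or  "<daemon> ok"
# Assumption: a line "OSSEC <name>: <message>" refers to daemon "ossec-<name>".
triage_startup() {
    awk '
        /^OSSEC [a-z]+: / {
            # $2 is "<name>:"; drop the trailing colon.
            name = "ossec-" substr($2, 1, length($2) - 1)
            msg = $0
            sub(/^OSSEC [a-z]+: /, "", msg)
            err[name] = msg
            if (!(name in seen)) { seen[name] = 1; order[++n] = name }
            next
        }
        /^Started ossec-[a-z]+\.\.\.$/ {
            name = $2
            sub(/\.\.\.$/, "", name)
            if (!(name in seen)) { seen[name] = 1; order[++n] = name }
        }
        END {
            for (i = 1; i <= n; i++) {
                d = order[i]
                if (d in err) print d " FAILED: " err[d]
                else print d " ok"
            }
        }'
}

# Exit status 0 only when no daemon in the transcript reported an error.
startup_clean() {
    ! triage_startup | grep -q ' FAILED: '
}

# Stand-alone run over the constructed sample.
printf '%s\n' "$SAMPLE_OUTPUT" | triage_startup
```

To use it on a real host, pipe the saved output of /var/ossec/bin/ossec-control start into triage_startup instead of the sample.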