OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.
sudo /var/ossec/bin/ossec-control status
ossec-monitord is running...
ossec-logcollector is running...
ossec-remoted is running...
ossec-syscheckd is running...
ossec-analysisd is running...
ossec-maild: Process 1030 not used by ossec, removing ..
ossec-maild is running...
ossec-execd is running...
Our SMTP server was down last night for about 20 minutes, starting at 01:01.
Once the server was working again, the ossec server did not send any emails. I assume maild crashed in some way.
Ossec-Log:
And no more messages from ossec-maild afterwards.
Later, I saw one process ossec-maild:
In addition:
I restarted ossec and everything works again. However ossec-maild should "survive" a period when the smtp server is down and resume operation as expected.
Greetings Dominik