FS#56 - Policy > Actions don't work
Attached to Project:
OSSIM
Opened by Victor Hugo dos Santos (victorhugops) - Tuesday, 06 October 2009, 20:58 GMT
Hello,

I have installed AV OSSIM v2.1 (32bit edition) from the ISO image at http://data.alienvault.com/alienvault-ossim-installer-2.1.x86.iso. After installation:
- I upgraded the system with the command "ossim-db"
- I upgraded the tables using "Apply Upgrades" on the menu "Configuration->Software Upgrades"

Now I have AV OSSIM 2.1.5 installed, and Policy -> Actions (send an email / execute an external program) don't work. This is a step-by-step of the procedure:
- Go to the menu Policy->Actions
- Select "Insert new Action"
- Write a "Description" (in my case, pepe)
- Select as Type "send an email message"
- Fill the field From (in my case, root@ossim.mydomain.com)
- Fill the field To (in my case, victor@mydomain.com)
- Fill the field Subject (in my case, test)
- Write a message (in my case "hello, this a test")
- Click on the OK button

The Action is inserted correctly and is shown in the Action list. Now, on Policy -> Policy:
- Select the option "Insert New Policy"
- On Source, Dest and Ports, I selected "ANY"
- On Plugin Groups, I selected "Unix Events" (to include SSH events)
- On Sensors, Install In, I selected "ANY"
- On Policy Group, "Default Group" is selected
- On Action, I selected the Action I created before, in this case "pepe"
- On Policy behavior, I selected:
  - Priority = 5 (to check that this rule is matched and the system changes the priority)
  - Time = Mon:00 to Sun:23
  - Correlate, Cross Correlate, Store and Qualify Events are YES
  - SIM and active options are YES

Now I connect from a remote computer to the OSSIM server, and on the menu Events -> SIM Events I see the log entry:

SSHd: Invalid user 2009-10-06 16:37:54 172.16.100.150 ossim:22 2->1 5 2 1->0 TCP

but no email is sent, and /var/log/mail.info shows no messages (error or otherwise).

This problem is occurring too with "execute an external command"; in this case, the command (mktemp /tmp/vhs.XXXXX) doesn't work.

How can I test the action? How can I view the logs? Any idea or suggestion?

P.S.: This system is clean, I recently finished installing.