How to set up mail alerts in Security Onion

Building SIEM at Home

Ngoc Vuong

Published on Jun 16, 2021


Email Configuration

In this stage, we will set up mail alerts for services such as Sguild, Wazuh, Zeek, ...

Using an SMTP server on your localhost

Set up postfix and mailutils:

sudo apt-get install postfix mailutils

Create your password file with

vi /etc/postfix/sasl_passwd

Populate the password file. Example:


Secure the file by running

chmod 600 /etc/postfix/sasl_passwd

Replace the contents of the config file by running

vi /etc/postfix/

Place the following in the file:

relayhost = []:587
smtp_use_tls = yes
smtp_sasl_auth_enable = yes
smtp_sasl_security_options =
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt

Encode password file by running

postmap /etc/postfix/sasl_passwd

Restart postfix service by running

systemctl restart postfix.service

Replace with your email in the following code and test sending mail:

echo "Test mail from postfix" | mail -s "Test Postfix"

Give Google a minute to process. You should see the sent mail in the sent folder of your Gmail account and in the inbox of the specified destination account. If the mail doesn't arrive, check the mail log:

tail -f /var/log/mail.log
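A check for the relay settings above, added here as an example and not part of the original post: it verifies that both the password file and the `.db` map produced by `postmap` are owner-only, and that TLS is enforced before SASL credentials are sent. The function names, finding texts and the placeholder relay host in the sample file are assumptions of this example, and it relies on GNU `stat`.

```shell
#!/bin/sh
# Added example (not from the original post). Finding texts are this example's own.

# Print the value of parameter $2 in main.cf $1 (last assignment wins, as in Postfix).
conf_get() {
  sed -n "s/^$2[[:space:]]*=[[:space:]]*//p" "$1" | sed 's/[[:space:]]*$//' | tail -n 1
}

# Succeed only if file $1 exists and grants nothing to group or others.
owner_only() {
  [ -f "$1" ] || return 1
  mode=$(stat -c '%a' "$1") || return 1   # GNU stat, as on Ubuntu
  case "$mode" in *00) return 0 ;; *) return 1 ;; esac
}

# Print one finding per line for main.cf $1 and password file $2; return 1 if any.
audit_relay() {
  cf=$1 pw=$2 rc=0
  # postmap writes the credentials into $pw.db as well, so check both files.
  owner_only "$pw" || { echo "PERMS: $pw must be owner-only (chmod 600)"; rc=1; }
  owner_only "$pw.db" || { echo "PERMS: $pw.db missing or readable by others"; rc=1; }

  level=$(conf_get "$cf" smtp_tls_security_level)
  # The obsolete smtp_enforce_tls = yes also makes TLS mandatory when no level is set.
  if [ -z "$level" ] && [ "$(conf_get "$cf" smtp_enforce_tls)" = yes ]; then
    level=encrypt
  fi
  case "$level" in
    encrypt|verify|secure|fingerprint|dane-only) tls=mandatory ;;
    *) tls=optional   # smtp_use_tls = yes alone is opportunistic STARTTLS
       echo "TLS: not enforced; set smtp_tls_security_level = encrypt"; rc=1 ;;
  esac

  # An explicitly empty smtp_sasl_security_options drops the default
  # "noplaintext, noanonymous", so PLAIN/LOGIN can be offered without TLS.
  if [ "$tls" != mandatory ] &&
     grep -q '^smtp_sasl_security_options[[:space:]]*=[[:space:]]*$' "$cf"; then
    echo "SASL: plaintext mechanisms allowed while TLS is optional"; rc=1
  fi
  return $rc
}

# Demo on constructed files: the guide's settings with a placeholder relay host.
demo=$(mktemp -d)
printf '%s\n' 'relayhost = [smtp.example.invalid]:587' 'smtp_use_tls = yes' \
  'smtp_sasl_auth_enable = yes' 'smtp_sasl_security_options =' > "$demo/main.cf"
: > "$demo/sasl_passwd"; : > "$demo/sasl_passwd.db"
chmod 600 "$demo/sasl_passwd"; chmod 644 "$demo/sasl_passwd.db"
audit_relay "$demo/main.cf" "$demo/sasl_passwd" || echo "review the findings above"
```

To audit the live configuration, call `audit_relay` as root with the path of your Postfix config file and `/etc/postfix/sasl_passwd`.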


Automatic Setup

If you want to configure email, you can run so-email and it will automatically configure automated server-side email for you as described below. Simply run the following command and follow the prompts:

sudo so-email



Select the email you want to receive

Enter your email

Enter your SMTP server (localhost is my SMTP server)

Select daily report


Another for Sguil, OSSEC


Click Yes and wait for the setup to finish


Testing DDoS using hping3:


View result in email


Write up by Fr0st
