Security Advisor email notifications not working?

QubeRoot

Registered
May 9, 2019
4
1
3
UK
cPanel Access Level
Root Administrator
Hi.

We're running cPanel v78.0.23. On previous cPanel installs we have received email notifications from Security Advisor when new kernels are available, or when reboots are required etc. However our current server seems to not be doing this. On logging in to WHM there are reboot required and new kernel available notifications visible in Security Advisor, but we've received no emails to this effect - meaning that we're currently having to log in to the server daily to check it.

We have email addresses correctly configured in Contact Manager, with email set to receive notifications of all importances (i.e. high+medium+low). The 'Security Advisor State Change' notification type has an importance of high, so I would expect to be receiving emails.

We do receive regular 'Excessive number of failed login attempts ...' emails from the server to the email addresses configured in Contact Manager, so I don't think this is a problem with email per-se. It just seems to be Security Advisor (and perhaps some other services, who knows?) that are failing to send messages.

Any advice would be gratefully received.

(Are there any logs that I can check to confirm whether an attempt is being made to send by Security Advisor to send notification emails?)

Thanks in advance.
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,296
1,252
313
Houston
Hello @QubeRoot

They should be logged to the cPanel error logs at
Code:
/usr/local/cpanel/logs/error_log
And there should be an exim transaction which would be present at
Code:
/var/log/exim_mainlog
 

QubeRoot

Registered
May 9, 2019
4
1
3
UK
cPanel Access Level
Root Administrator
Thanks for the suggestions @cPanelLauren.

I've checked /usr/local/cpanel/logs/error_log and can indeed see an entry:

New Security Advisor notifications with High importance

This is burried among a number of entries, which all seem to originate from the fix-cpanel-perl script, which is running from cron at the same time

However, I can see nothing in the Exim log on/since the date of the notification above to suggest that an email was sent (I've grepped on advisor, notification etc to no avail).

On further inspection of /usr/local/cpanel/logs/error_log, I can see various

info [queueprocd] chkservd::Notify Notification
info [queueprocd] cPHulk::Login Notification

entires corresponding to email notificaitons that were sent (and received), so I would expect to see something similar from Security Advisor, but do not.

Do you have any idea why Security Advisor might not be sending messages, or suggestions for anything else I might look at to try to debug to problem?
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,296
1,252
313
Houston
Can you please open a ticket using the link in my signature? Once open please reply with the Ticket ID here so that we can update this thread with the resolution once the ticket is resolved.


Thanks!
 

QubeRoot

Registered
May 9, 2019
4
1
3
UK
cPanel Access Level
Root Administrator
Hi @cPanelLauren,
Unfortunately I can't submit a support ticket at this time. We have some data policy restrictions on the server that prohibit overseas access.
Can you think of anything else that I might investigate myself? If not, I'm tempted to add a cron script to to the necessary checks and fire off a security advisior email by calling `/scripts/check_security_advice_changes --notify` directly
 
  • Like
Reactions: cPanelLauren