Security Advisor email notifications not working?

[QubeRoot]

Hi.

We're running cPanel v78.0.23. On previous cPanel installs we have received email notifications from Security Advisor when new kernels are available, or when reboots are required etc. However our current server seems to not be doing this. On logging in to WHM there are reboot required and new kernel available notifications visible in Security Advisor, but we've received no emails to this effect - meaning that we're currently having to log in to the server daily to check it.

We have email addresses correctly configured in Contact Manager, with email set to receive notifications of all importances (i.e. high+medium+low). The 'Security Advisor State Change' notification type has an importance of high, so I would expect to be receiving emails.

We do receive regular 'Excessive number of failed login attempts ...' emails from the server to the email addresses configured in Contact Manager, so I don't think this is a problem with email per-se. It just seems to be Security Advisor (and perhaps some other services, who knows?) that are failing to send messages.

Any advice would be gratefully received.

(Are there any logs that I can check to confirm whether an attempt is being made to send by Security Advisor to send notification emails?)

Thanks in advance.

 

[cPanelLauren]

Hello @QubeRoot

They should be logged to the cPanel error logs at

/usr/local/cpanel/logs/error_log

And there should be an exim transaction which would be present at

/var/log/exim_mainlog

 

[QubeRoot]

Thanks for the suggestions @cPanelLauren.

I've checked /usr/local/cpanel/logs/error_log and can indeed see an entry:

New Security Advisor notifications with High importance

This is burried among a number of entries, which all seem to originate from the fix-cpanel-perl script, which is running from cron at the same time

However, I can see nothing in the Exim log on/since the date of the notification above to suggest that an email was sent (I've grepped on advisor, notification etc to no avail).

On further inspection of /usr/local/cpanel/logs/error_log, I can see various

info [queueprocd] chkservd::Notify Notification
info [queueprocd] cPHulk::Login Notification

entires corresponding to email notificaitons that were sent (and received), so I would expect to see something similar from Security Advisor, but do not.

Do you have any idea why Security Advisor might not be sending messages, or suggestions for anything else I might look at to try to debug to problem?

 

[cPanelLauren]

Can you please open a ticket using the link in my signature? Once open please reply with the Ticket ID here so that we can update this thread with the resolution once the ticket is resolved.


Thanks!

 

[QubeRoot]

Hi @cPanelLauren,
Unfortunately I can't submit a support ticket at this time. We have some data policy restrictions on the server that prohibit overseas access.
Can you think of anything else that I might investigate myself? If not, I'm tempted to add a cron script to to the necessary checks and fire off a security advisior email by calling `/scripts/check_security_advice_changes --notify` directly

 

[QubeRoot]

Hi @cPanelLauren,
FYI I've added a cron job as above, which seems to be working fine.

 

[cPanelLauren]

Hi @QubeRoot


I'm glad to hear that the cron is working, thanks for letting us know what you did to solve the issue.