On Thu, Jan 19, 2017 at 11:18 AM, Bertrand Danos <mille...@gmail.com> wrote: > Hello, > > Is it possible to generate alerts on events that are outside a specific time > slot? > > By sample, detect each user that connect on a computer outside the (08:00 - > 20:00) timeslot. > >> Jan 19 07:00:00 test-computer runuser: pam_unix(runuser:session): session >> opened for user foo by (uid=0) > >
Perhaps the <time> option will help: https://ossec.github.io/docs/syntax/head_rules.html#element-time > > Thanks in advance for your help. > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to ossec-list+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
