Usually creation times are in seconds (starting at some Epoch) and therefore all you have to do is ascertain that two integers don't differ by more than 30:
$first: File( pathname matches ..., $ct: creationTime ) $later: File( creationTime < ($ct + 30) ) -W On 14 December 2010 09:37, <kiran.n...@rsa.com> wrote: > Hi, > > I want to create a rule for the following scenario: > > 1. Event 1 : A file was created under the directory "/root/ " (Comment: > I have implemented this using 'matches' in the rule file) > 2. Event 2: If File was created under "/root/" then get all the files > created within a 30 seconds of Event1. (Comment: Confused! Don't know > how to do this!) > > The dataset I have is of all the files created on the system + time of > creation. > > Thanks in advance! > > Rgds, > Kiran > > _______________________________________________ > rules-users mailing list > rules-users@lists.jboss.org > https://lists.jboss.org/mailman/listinfo/rules-users >
_______________________________________________ rules-users mailing list rules-users@lists.jboss.org https://lists.jboss.org/mailman/listinfo/rules-users
