Re: [ossec-list] Re: alert for logging outside working hours

[dan (ddp)]

On Wed, Dec 9, 2015 at 2:33 AM, Maxim Surdu  wrote:
> The correct time is showed in kibana
>

Make sure you have the correct timezone file in /var/ossec/etc/localtime.

> luni, 7 decembrie 2015, 12:09:40 UTC+2, Maxim Surdu a scris:
>>
>> Hi everyone,
>>
>> I am new in Ossec, i configure ossec-server and ossec agent, all is
>> working formidable!
>> but i need to create an alert to show me people who are logging outside
>> working hours in my system server or agent
>> for example my company working hours are Monday-Friday from 09.00 until
>> 18.00 and i need to know who from my employers working after work-hours!
>>
>> Any help would be greatly appreciated
>>
>> Thanks,
>> Maxim
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ossec-list+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

-- 

--- 
You received this message because you are subscribed to the Google Groups 
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ossec-list+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ossec-list] Re: alert for logging outside working hours

[Maxim Surdu]

my software and hardware clock are synchronized 
but one of them is with AM and PM second is with 24 hours


[root@ossec ~]# hwclock
Wed 09 Dec 2015 11:18:53 AM EET  -0.610627 seconds
[root@ossec ~]# date
Wed Dec  9 11:18:54 EET 2015


luni, 7 decembrie 2015, 12:09:40 UTC+2, Maxim Surdu a scris:
>
> Hi everyone,
>
> I am new in Ossec, i configure ossec-server and ossec agent, all is 
> working formidable!
> but i need to create an alert to show me people who are logging outside 
> working hours in my system server or agent 
> for example my company working hours are Monday-Friday from 09.00 until 
> 18.00 and i need to know who from my employers working after work-hours!
>
> Any help would be greatly appreciated
>  
> Thanks,
> Maxim
>

-- 

--- 
You received this message because you are subscribed to the Google Groups 
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ossec-list+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ossec-list] Re: alert for logging outside working hours

[dan (ddp)]

On Dec 8, 2015 10:58 AM, "Maxim Surdu"  wrote:
>
> Allert is working fine!
> In kibana the log is coming with 2015 Dec 08 17:45:20
> in mail alert is coming with 2015 Dec 08 07:45:20
> not 17:45 or 05:45 but 07:45 and this can be problematic
>

Which one is correct? If the ossec alert is wrong, check the timezone file
at /var/ossec/etc/localtime
I'm not sure how to check the timezone of the kibana instance.

>
>
> luni, 7 decembrie 2015, 12:09:40 UTC+2, Maxim Surdu a scris:
>>
>> Hi everyone,
>>
>> I am new in Ossec, i configure ossec-server and ossec agent, all is
working formidable!
>> but i need to create an alert to show me people who are logging outside
working hours in my system server or agent
>> for example my company working hours are Monday-Friday from 09.00 until
18.00 and i need to know who from my employers working after work-hours!
>>
>> Any help would be greatly appreciated
>>
>> Thanks,
>> Maxim
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
"ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
email to ossec-list+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

-- 

--- 
You received this message because you are subscribed to the Google Groups 
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ossec-list+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ossec-list] Re: alert for logging outside working hours

[Maxim Surdu]

Allert is working fine!
In kibana the log is coming with* 2015 Dec 08 17:45:20*
in mail alert is coming with *2015 Dec 08 *07*:45:20*
not 17:45 or 05:45 but 07:45 and this can be problematic


luni, 7 decembrie 2015, 12:09:40 UTC+2, Maxim Surdu a scris:
>
> Hi everyone,
>
> I am new in Ossec, i configure ossec-server and ossec agent, all is 
> working formidable!
> but i need to create an alert to show me people who are logging outside 
> working hours in my system server or agent 
> for example my company working hours are Monday-Friday from 09.00 until 
> 18.00 and i need to know who from my employers working after work-hours!
>
> Any help would be greatly appreciated
>  
> Thanks,
> Maxim
>

-- 

--- 
You received this message because you are subscribed to the Google Groups 
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ossec-list+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ossec-list] Re: alert for logging outside working hours

[Maxim Surdu]

The correct time is showed in kibana

luni, 7 decembrie 2015, 12:09:40 UTC+2, Maxim Surdu a scris:
>
> Hi everyone,
>
> I am new in Ossec, i configure ossec-server and ossec agent, all is 
> working formidable!
> but i need to create an alert to show me people who are logging outside 
> working hours in my system server or agent 
> for example my company working hours are Monday-Friday from 09.00 until 
> 18.00 and i need to know who from my employers working after work-hours!
>
> Any help would be greatly appreciated
>  
> Thanks,
> Maxim
>

-- 

--- 
You received this message because you are subscribed to the Google Groups 
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ossec-list+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.