On Mon, Dec 7, 2015 at 4:06 AM, Maxim Surdu wrote:
> Hi everyone,
>
> I am new in Ossec, i configure ossec-server and ossec agent, all is working
> formidable!
> but i need to create an alert to show me people who are logging outside
> working hours in my system server or agent
> for example my company working hours are Monday-Friday from 09.00 until
> 18.00 and i need to know who from my employers working after work-hours!
>
> Any help would be greatly appreciated
>
You should be able to use the option:
http://ossec.github.io/docs/syntax/head_rules.html#element-time
So something like (totally untested):
authentication
6 pm - 9 am
Login after hours
> Thanks,
> Maxim
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ossec-list+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
--
---
You received this message because you are subscribed to the Google Groups
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ossec-list+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.