[ossec-list] alert for logging outside working hours

2015-12-07 Thread Maxim Surdu 
Hi everyone,

I am new in Ossec, i configure ossec-server and ossec agent, all is working 
formidable!
but i need to create an alert to show me people who are logging outside 
working hours in my system server or agent 
for example my company working hours are Monday-Friday from 09.00 until 
18.00 and i need to know who from my employers working after work-hours!

Any help would be greatly appreciated
 
Thanks,
Maxim

-- 

--- 
You received this message because you are subscribed to the Google Groups 
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ossec-list+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ossec-list] alert for logging outside working hours

2015-12-07 Thread dan (ddp) 
On Mon, Dec 7, 2015 at 4:06 AM, Maxim Surdu  wrote:
> Hi everyone,
>
> I am new in Ossec, i configure ossec-server and ossec agent, all is working
> formidable!
> but i need to create an alert to show me people who are logging outside
> working hours in my system server or agent
> for example my company working hours are Monday-Friday from 09.00 until
> 18.00 and i need to know who from my employers working after work-hours!
>
> Any help would be greatly appreciated
>


You should be able to use the  option:
http://ossec.github.io/docs/syntax/head_rules.html#element-time

So something like (totally untested):

authentication
6 pm - 9 am
Login after hours


> Thanks,
> Maxim
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ossec-list+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

-- 

--- 
You received this message because you are subscribed to the Google Groups 
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ossec-list+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.