Joe,
There are no special variables for context creation times, since the context
name space is huge and would most certainly clashes between user-defined
variables. I think the best solution would be to store the context creation
time with 'add' action as the first line in the context's event
Jeff,
with the current version of SEC, you also have to provide action-on-expire for
'set' -- if only lifetime is provided, the action-on-expire will be cleared.
This issue was actually recently discussed in this list, and since there have
been no objections to changing the semantics of 'set',
On 10/07/2009 05:44 PM, Jeff Schroeder wrote:
On Wed, Oct 7, 2009 at 4:02 AM, Risto Vaarandirvaara...@yahoo.com wrote:
Jeff,
with the current version of SEC, you also have to provide action-on-expire
for 'set' -- if only lifetime is provided, the action-on-expire will be
cleared. This
Given loglines like this:
Oct 7 08:46:20.000 ops1.sys.dev1.int sudo: jschroeder : 3 incorrect
password attempts ; TTY=pts/13 ; PWD=/home/jschroeder ; USER=root ;
COMMAND=/usr/bin/test test test
Oct 7 08:47:51.000 ops1.sys.dev1.int sudo: jschroeder : 3 incorrect
password attempts ; TTY=pts/15 ;