[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ossec-list] Matching questions

To: <ossec-list@xxxxxxxxx>
Subject: [ossec-list] Matching questions
From: "Mark Haney" <mhaney@xxxxxxxxxxxxxxxx>
Date: Mon, 05 Feb 2007 10:28:54 -0500
Content-class: urn:content-classes:message
Content-transfer-encoding: 7bit
Importance: normal
Priority: normal
Thread-index: AcdJOlHq06t3n9UsTNyhDQlGyeH30Q==

Is it possible for me to set a rule up to trigger if a particular logentry was NOT logged inside a time frame?

I want to test for the starting and stopping of a cron job. I have allthe rules in place for all the log entries it will generate, but I wantto be able to test to for the lack of a 'finished' log entry between saymidnight to 11:59pm. Is this possible? Or is there a work around tomake it possible?



--
Ita erat quando hic adveni.

Mark Haney
Sr. Systems Administrator
ERC Broadband
(828) 350-2415

Follow-Ups:
- [ossec-list] Re: Matching questions
  - From: Nicolas Arias

Prev by Date: [ossec-list] Re: regexp syntax?
Next by Date: [ossec-list] Re: Matching questions
Previous by thread: [ossec-list] [Fwd: Re: [ossec-list] RE: Syslog ossec]
Next by thread: [ossec-list] Re: Matching questions
Index(es):
- Date
- Thread

OSSEC home | Main Index | Thread Index

OSSEC project: www.ossec.net.
Mailling list information: http://www.ossec.net/en/mailing_lists.html.