tor
October 11, 2021, 10:59pm
1
Description of your problem
How can I create an alert and notification if someone logs into a server outside normal office hours? Normal hours are 9am to 6.30pm. If someone tries to log in outside these hours, then an alert is generated with an email notification.
So time based alerts.
Operating system information
Package versions
gsmith
(GSmith)
October 11, 2021, 11:08pm
2
Hello,
I think you're referring to this? You may need to adjust the configurations to your needs.
I have to give respect to @jan for showing me this. This became the most important Pipeline we use in multiple environments.
rule "Between 6 PM and 6 AM"
when
( to_long(to_date($message.timestamp, "America/Chicago").hourOfDay) >= 0 AND to_long(to_date($message.timestamp, "America/Chicago").hourOfDay) <= 6 ) OR
( to_long(to_date($message.timestamp, "America/Chicago").hourOfDay) >= 18 AND to_long(to_date($message.timestamp, "America/Chicago").hourOfDay) <= 23 )
then
set_field("trigger_workh…
tor
October 11, 2021, 11:13pm
3
Yes, that is what I'm looking for. How do I find out the time zone style that Graylog accepts? So I'm UK, London.
Is this a pipeline rule that I can import?
gsmith
(GSmith)
October 12, 2021, 12:27am
4
Next time you can always look in your Graylog "server.conf" file here
The link inside your configuration file will lead you here.
https://www.joda.org/joda-time/timezones.html
Edit:
@tor
Example:
Create a stream called "Windows: User Successful Logon Local".
Create Pipeline and attach it to stream "Windows: User Successful Logon Local".
Create the rules and set the stages.
You may have to adjust these steps to your needs.
1 Like
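Added example, not part of the original thread: a pipeline rule for the hours asked about in the first post (outside 09:00 to 18:30, Europe/London), for the rules step above. The rule name and the field name `outside_office_hours` are hypothetical, and the `.minuteOfDay` accessor is an assumption that it resolves the same way as the `.hourOfDay` accessor used in the rule quoted earlier.

```graylog
rule "Logon outside office hours (Europe/London)"
when
    // Added example; names are hypothetical.
    // "Europe/London" is a Joda-Time zone ID, so GMT/BST changes are applied
    // before the comparison. $message.timestamp itself is stored in UTC.
    // minuteOfDay (assumed accessor): 09:00 = 540, 18:30 = 1110.
    to_long(to_date($message.timestamp, "Europe/London").minuteOfDay) < 540 OR
    to_long(to_date($message.timestamp, "Europe/London").minuteOfDay) >= 1110
then
    // Tag the message; an alert condition can then match on this field.
    set_field("outside_office_hours", true);
end
```

Attached to the logon stream, this tags only out-of-hours logons, so an alert with an email notification can be keyed on messages where `outside_office_hours` is true.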