JOIN GRAYLOG FOR OUR

ANNUAL CONFERENCE

Thursday,
October 21, 2021
10am-5pm CT
REGISTER NOW

Time based alerts

Description of your problem

How can I create a alert and notification if someone logs into a sever outside normal office hours. 9am to 6.30pm normal hours. If out side these hours someone try to login then an alert is generated with a email notification.

So time based alerts.

Operating system information

  • CentOS 7.9

Package versions

  • Graylog 4.1.2

Hello,
I think your referring to this? You may need to adjust the configurations to your needs.

Yes that is what I’m looking for. How do I find out the time zone style that graylog accepts. So I’m UK london.

Is this a pipeline rule that I can import?

Next time you can always look in your Graylog “server.conf” file here

The link inside your configuration file will lead you here.

https://www.joda.org/joda-time/timezones.html

Edit:

@tor

Example:

  • Create a stream called “Windows: User Successful Logon Local”.

  • Create Pipeline and attach it to stream “Windows: User Successful Logon Local”.

  • Create the rules and set the stages.

You may have to adjust these steps to your needs.

1 Like