Time range ?

Unanswered Question
Jun 26th, 2008
User Badges:


I'd like to implement an inspection rule that can only be triggered between 9:00 p.m. and 7:00 a.m. A typical case is that of changes being made to my PIX configuration. This would be a normal event during daytime, but would have to generate a RED alarm should it happen at 2:00 a.m. (especially if the USER should happen to the administrator account!). The CSMARS TIME RANGE seems to have a completely different purpose : is there anyway to implement what I need?

Regards, Joe

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
mhellman Thu, 06/26/2008 - 14:01
User Badges:
  • Blue, 1500 points or more

Drop rules allow a time range. You can use a drop rule to "log to db only" those events with a time range of 7am - 9pm.

joe.favia Fri, 06/27/2008 - 01:45
User Badges:

Drop rules seem to be what I need, but the concept of time range doesn't seem to be what I'm looking for. I don't want to define a start date and end date : my time range must apply every day (better yet, Monday thru Friday). Is there any way to not define the Year-Month-Day fields?

Regards, joe

mhellman Fri, 06/27/2008 - 04:36
User Badges:
  • Blue, 1500 points or more

doh! yeah, that doesn't help. I've never used a time range and didn't pay enough attention to the details. I think you're sol.

ihatelogin Mon, 09/27/2010 - 06:28
User Badges:

I have a similar issue, needing to filter incidents depending on the time of day they occur, i'm using version 4.3 and this doesnt seem to be possible.  Can any of the later versions do this?


This Discussion