On Wed, Dec 22, 2010 at 8:19 AM, ItsMikeE <[email protected]> wrote:
> I have seen an option to specify a time range in a rule (such as detecting
> logins during non-business hours).
>
> Is there a way to specify days?
> I want to skip reporting on syslogd re-starting if it is at a specified time
> and date (i.e. don't report if it starts between 4am and 4:30 am on a
> Sunday)

Looks like <time> and <weekday> are the options you're looking for: http://www.ossec.net/doc/syntax/head_rules.html
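
A rule for the case in the question, added here as an example that is not part of the original reply. It assumes the stock syslogd-restart rule has id 1005 (verify in your syslog_rules.xml) and uses 100100 as an arbitrary unused local rule id.

```xml
<!-- local_rules.xml: added example, not from the original thread -->
<group name="local,syslog,">
  <!-- Assumption: 1005 is the id of the stock "Syslogd restarted." rule;
       confirm against syslog_rules.xml on your install. -->
  <!-- 100100 is an arbitrary id from the user-defined rule range. -->
  <rule id="100100" level="0">
    <if_sid>1005</if_sid>
    <time>4:00 am - 4:30 am</time>
    <weekday>sunday</weekday>
    <description>Expected syslogd restart in the Sunday maintenance window (ignored).</description>
  </rule>
</group>
```

Both conditions must match for this child rule to fire, so a syslogd restart at any other time still alerts through the parent rule.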
