Just a general question, but is it possible to set up an alert in ELSA so that,
say, every hour the previous hour's worth of logs will have a query run on
them, and if that query returns results then the alert will be emailed?
A possible use-case would be to send an alert if in the previous hour there
were any Windows events with eventid 4625.
Is that possible with the alert system as it is now?
Original issue reported on code.google.com by i...@pingas.org on 3 May 2013 at 7:15