Hi all!

I have a question regarding correlation rules. Lets suppose that we want
to write a correlation rule that would be triggered by some event and
then it would wait for some amount of time for a different event and if
this second event does not occur then this rule would fire. Is it
possible to implement this in some tidy way?

Case example:
There is a service running on a server. Stopping this service triggers
an event but a rule should fire only if for lets say 2 minutes we don't
receive an event that this service is restarting.

Any ideas would be appreciated.

lolszewski's Profile: https://forums.netiq.com/member.php?userid=4416
View this thread: https://forums.netiq.com/showthread.php?t=47115