Is there a way to setup notice based on time of access via ssh? In other words, create a notice if access to a server happens at 11pm?
Unfortunately that's something I've been wanting to address but we haven't had the cycles to approach it quite yet. I'm starting to think that maybe I should finally hack a solution together soon (it's possible now, but *really* nasty and hacky). If I get a chance soon I'll hack together something that would let you define time in that way.
Sounds awesome. I look forward to it.
I didn¹t seen anything in snort with this ability either. Keep up the good