I have script that creates a ICS file (iCalender ) which is later consumed by a mobile device .
if the event is set to repeat daily withing two dates, the file produces 7 entries per day.
I can reproduce the problem with the file below, simply by importing it to Google calendar (by attaching it to an email, sending it to my gmail account and pressing add to calendar)
but I have no idea why it will creates multiple entries , I tried tweaking with some of the entries, only to end up with an invalid file
here is my test file
BEGIN:VCALENDAR
PRODID:-//Test Productions //Test Event//EN
VERSION:2.0
METHOD:REQUEST
BEGIN:VEVENT
SUMMARY:Test Event
DESCRIPTION:Description of Test Event
DTSTART:20140825T100000Z
DTEND:20140831T110000Z
RRULE:FREQ=DAILY;UNTIL=20141231T060000Z
LOCATION:Planer Earth
CLASS:PUBLIC
BEGIN:VALARM
TRIGGER:-PT1H
ACTION:EMAIL
END:VALARM
END:VEVENT
END:VCALENDAR
The problem actually was that the duration was several days and 1 hour (probably you only wanted 1 hour?)
DTSTART:201408**25**T100000Z
DTEND:201408**31**T110000Z
so after a few days you would have had several of these events running concurrently until they started ending ... until the last recurrence of the last one, only one event would have been running.
Stumbled on the aswer:
if you specify RRULE:FREQ=DAILY;UNTIL=20141231T060000Z
you should not include DTEND:20140831T110000Z entry
Related
I'm trying to use a kibana trigger from a monitoring alert using the message box to formulate a kibana link that sends it to a specific kibana dashboard for a time period of the last 7 days from the time the alert is triggered and send it to a slack webhook.
I'm using the ctx.periodStart variable as my ending period. Is it possible to get the exact timestamp that's 7 days from the ctx.periodStart timestamp as part of my kibana trigger message (In other words, if the ctx.periodStart timestamp is 2022-04-11T19:19:25Z as my period ending range, I want to have the beginning timestamp value at 2022-04-04T19:19:25Z)? I can't seem to find anything that can do this. The only way around this issue is to use the ctx.results.0.hits.hits.0._source.timestamp variable as my starting period and that timestamp value is a bit earlier than the exact 7 days from the ctx.periodStart timestamp. Using a relative time period (like now-7d) isn't going to cut it because we fire this kibana monitor alert every Friday at noon to grab a query where we know we will get at least 1 hit and every Tuesday at midnight where we know we are not likely to get any results from the query. And since we know that this alert will go to a slack message with the kibana dashboard link once a week, putting a relative time period like 'now-7d' is going to mess up the kibana links for past slack alerts from the same kibana monitoring alert.
Thanks.
I have an issue with capturing exchange logs from a customer production environment. The logs exist in a set of directories, and are labeled such as:
-- .../dir1/http_2021101002-1.log
-- .../dir1/http_2021101003-1.log
-- .../dir1/http_2021101004-1.log
-- .../dir1/http_2021101004-2.log (if previous log reached max size for example)
These logs would cover October 10 at hour 02, 03, and two sets at 04.
Now, I can add an ossec entry in the config such as:
<localfile>
<log_format>syslog</log_format>
<location>C:\Program Files\microsoft\exchange server\v15\logging\httpproxy\Ecp\HttpProxy_%Y%m%d%H-2.log</location>
</localfile>
The problem though, is this hour field, as with the rest of the date field strftime replacements only gets evaluated on agent start/restart. So, it might catch the first one of the day if I add an entry for hour zero, but it will not catch any logs after that unless I restart each hour. Is there any way around this to capture logs from each hour of the day? I cannot mix wildcard and strftime so that is out, and if I wildcard the entire file name wazuh will crash under load because of a know issue where it can only handle so much traffic before dying HARD. Any thoughts?
Logcollector location field only allows year, month and day strftime format strings (https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/localfile.html#location). The use of hourly files will not work due to the update of the filename to read is done daily.
As you have said the only solution is to use a wildcard or select the whole directory as a location value. Regarding the overloading issue, there is a few of possible solutions, that can be used together or separately:
Use the age field with a 1h value. This will ignore all files that have not been modified for 1 hour.
Change the logcollector.max_lines in your local_internal_option file (https://documentation.wazuh.com/current/user-manual/reference/internal-options.html?highlight=local_internal_option) to change the maximum number of logs read from the same file in each iteration. Change it according to your environment (10000 by default)
I have an icalendar I generate via PHP so people can download the latest schedule to their phones. It works great except that the game times are off by 6 hours on my iPhone. The game time is perfectly fine displaying on Windows calendar.
I've tried playing with the timezones and times but cannot get them to be equal on all platforms.
The calendar is viewable at:
webcal://cal.outbackthunder.com
Dawson,
your ics file at http://cal.outbackthunder.com has the event dates specified in 'local' or 'floating' times.
So the importing app will probably make the events be that time in it's timezone. 8am is 8am in all timezones (think of a travellers alarm clock - where they want to wake at 8m no matter the timezone they are in, vs a reminder to call their partner at 8am in the home timezone, where they'd then want it to adjust to the traveling timezone.)
Either add a Z and issue date-times in UTC, or add the TZID identifer of the timezone.
See https://www.rfc-editor.org/rfc/rfc5545#section-3.3.5.
See these examples in the spec:
Example: The following represents July 14, 1997, at 1:30 PM in New
York City in each of the three time formats, using the "DTSTART"
property.
DTSTART:19970714T133000 ; Local time
DTSTART:19970714T173000Z ; UTC time
DTSTART;TZID=America/New_York:19970714T133000
; Local time and time
; zone reference
Also try running your ics file through as many validators as you can find if you want the general public to be able to use the url. They tend to report slightly differently. EG: one says of http://cal.outbackthunder.com
DATE-TIME value in [DTSTAMP] must be specified in UTC time
Property [ORGANIZER] must be specified once
I'm currently working with the ical format and need to handle recurring events.
I'm working directly with Icloud and have managed to create and delete recurring events.
However, I encountered some problems when trying to update a single occurence of the said recurrence.
For example, let's say I have an event called 'test' scheduled every day for a week.
How should I proceed to rename the occurence of Tuesday to 'other title'? Or even change the dates for this particular occurrence ?
I tried to simply update the occurence by using it's ID but it seems to create a clone of it and not touch the real occurence. Moreover when trying to access the cloned event from the Icloud calendar interface it crashes.
So I'm a bit stuck and would appreciate some help :)
Thanks a lot,
It is not totally clear whether you are trying to update the occurence.
In any case, you should still have only one calendar resource but it should contain
one "master" VEVENT, containing the base information,along with the RRULE,
one VEVENT for each instance that is an "exception" to the base event, where each exception is identified by its RECURRENCE-ID.
RFC5545 does not have any example of such event but RFC5546 has something pretty close at https://www.rfc-editor.org/rfc/rfc5546#section-4.4.8 (using RDATE instead of RRULE and no need for the METHOD property but you get the idea).
Posting for future readers. For some reasons it's super hard to find a working example of RECURRENCE-ID
The following resource will repeat an event 'test' (10AM - 1PM UTC) everyday for 10 days starting on Jan 13th, 2021, EXCEPT on Jan 15th 2021, the event will be called 'test except me' and starts 3PM - 6PM UTC.
BEGIN:VCALENDAR
VERSION:2.0
BEGIN:VEVENT
UID:232392939239293293#hello.me
DTSTART:20210113T100000Z
DTEND:20210113T130000Z
SUMMARY:test
RRULE:FREQ=DAILY;INTERVAL=1;COUNT=10
END:VEVENT
BEGIN:VEVENT
UID:232392939239293293#hello.me
DTSTART:20210115T150000Z
DTEND:20210115T180000Z
SUMMARY:test except me
RECURRENCE-ID;VALUE=DATE-TIME:20210115T100000Z
END:VEVENT
END:VCALENDAR
I've got a little problem, I need to be able to have a reoccurring event (forever) that marks the day after the second Tuesday of each month.
Your probably thinking, why not just Wednesday of each month.
October 2008 is an example, it starts on a Wednesday. :(
Really I just need it in Outlook, probably (but not limited to) some iCalendar format file.
The following iCalendar rule should work:
RRULE:FREQ=MONTHLY;BYDAY=WE;BYMONTHDAY=9,10,11,12,13,14,15
It should be read as "The first Wednesday of every month that falls on the 9th or later".
Edit: To use, create a calendar with a recurring event and export it to .ics. Open the ics file, find the existing RRULE, replace it with this one and import the ics back into outlook.