Usually creation times are in seconds (starting at some Epoch) and therefore all you have to do<br>is ascertain that two integers don&#39;t differ by more than 30:<br><br>$first: File( pathname matches ..., $ct: creationTime )<br>
$later: File( creationTime &lt; ($ct + 30) )<br><br>-W<br><br><br><div class="gmail_quote">On 14 December 2010 09:37,  <span dir="ltr">&lt;<a href="mailto:kiran.nair@rsa.com" target="_blank">kiran.nair@rsa.com</a>&gt;</span> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Hi,<br>
<br>
I want to create a rule for the following scenario:<br>
<br>
1. Event 1 : A file was created under the directory &quot;/root/ &quot; (Comment:<br>
I have implemented this using &#39;matches&#39; in the rule file)<br>
2. Event 2: If File was created under &quot;/root/&quot; then get all the files<br>
created within a 30 seconds of Event1. (Comment: Confused! Don&#39;t know<br>
how to do this!)<br>
<br>
The dataset I have is of all the files created on the system + time of<br>
creation.<br>
<br>
Thanks in advance!<br>
<br>
Rgds,<br>
Kiran<br>
<br>
_______________________________________________<br>
rules-users mailing list<br>
<a href="mailto:rules-users@lists.jboss.org" target="_blank">rules-users@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/rules-users" target="_blank">https://lists.jboss.org/mailman/listinfo/rules-users</a><br>
</blockquote></div><br>