Create an alert that triggers on changing IP

HI all,
We currently have our vpn logs going into graylog and have created some notifications and alerts around that data. Once of the ones we want to create is an alarm that will trigger if a users source IP changes substantially. For example, user foo logs in mostly as

foo/192.168.1.1

Suddenly this changes to:

foo/10.92.1.1

how would I go about create an alert that could be triggered by that scenario?

many thanks
Darrin

Hello,

Are these Windows OS’s or Linux OS’s that are sending logs to Graylog?

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.