Hello all, is it possible to write a decoder for the output of a command?
For example, I have set up this command:
<localfile>
<log_format>command</log_format>
<command>last</command>
</localfile>
and would like to decode the output to get the source IP and later
compare it to a cdb list in a rule,
to alert when no match is found against that list.
Am I completely off on this?
Thank you
