Check for suspicious user activity

I am looking for a log analyzer solution which is capable of reporting any suspicious user login based on IP network and probably other factors.

The desired workflow is:

- user login processed from a log file (imap, web, unix, etc)
- user name and IP (network) check
- if the user is from an unknown network then an alert should be generated
- the IP networks are unique per user, i.e. user1 is working at site1 and user2 at site2, so if user2 logs in from site1 there must be something wrong -> alert
- an easy way to maintain IP networks, optionally with automatic expiry (if user1 has not logged in for a while from net23, then net23 (or 12.223.23/24 or so) should be removed from their trusted networks)
- it would also be wonderful if time-related correlation could be defined; I mean user1 logs in from the company network between 8am and 5pm but from home on weekends, so in case the user login occurs on a weekend in the company network -> alert!

Is it possible? :)
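The workflow listed in the post above can be sketched as follows. This is an added example, not part of the original post and not any product's code; the `LoginMonitor` class, the `office_hours` helper, the 30-day expiry, the log line format and the documentation address ranges are all assumptions made for illustration.

```python
import ipaddress
from datetime import datetime, timedelta

def office_hours(dt):  # weekdays 08:00-17:00, the window from the post
    return dt.weekday() < 5 and 8 <= dt.hour < 17

class LoginMonitor:
    def __init__(self, expiry=timedelta(days=30)):  # 30 days is an assumed value
        self.expiry = expiry
        self.trusted = {}  # user -> {ip_network: last_seen}
        self.windows = {}  # (user, ip_network) -> predicate(datetime)

    def trust(self, user, cidr, seen, allowed=None):
        net = ipaddress.ip_network(cidr)
        self.trusted.setdefault(user, {})[net] = seen
        if allowed:
            self.windows[(user, net)] = allowed

    def check(self, user, ip, when):
        addr = ipaddress.ip_address(ip)
        nets = self.trusted.setdefault(user, {})
        # Automatic expiry: drop networks the user has not logged in from recently.
        for net in [n for n, seen in nets.items() if when - seen > self.expiry]:
            del nets[net]
        for net in nets:
            if addr in net:
                allowed = self.windows.get((user, net))
                if allowed and not allowed(when):
                    return "ALERT time-window"
                nets[net] = when  # normal login refreshes last-seen
                return "ok"
        return "ALERT unknown-network"

# Constructed sample log lines: "<ISO timestamp> <user> <source IP>"
SAMPLE_LOG = """\
2024-03-04T09:15:00 user1 192.0.2.10
2024-03-04T10:00:00 user2 192.0.2.55
2024-03-09T11:00:00 user1 192.0.2.10
2024-04-20T12:00:00 user2 198.51.100.7
"""

def run(log=SAMPLE_LOG):
    mon, start = LoginMonitor(), datetime(2024, 3, 1)
    mon.trust("user1", "192.0.2.0/24", start, allowed=office_hours)  # site1
    mon.trust("user2", "198.51.100.0/24", start)  # site2
    return [mon.check(user, ip, datetime.fromisoformat(ts))
            for ts, user, ip in (line.split() for line in log.splitlines())]

if __name__ == "__main__":
    print(*run(), sep="\n")
```

The four constructed lines exercise, in order, a normal login, user2 appearing from site1, a weekend login from the company network, and a login from a network that has already expired from the user's trusted set.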
