
|Orphan Events|
How It Works
Once Logalot is installed, the hardware can be configured to push messages (e.g. syslogs, SNMP traps, email, etc.) to the machine Logalot is configured on. If it is a Microsoft® server, Logalot can be configured to retrieve the events.
Initially, all messages collected by the Logalot server will show up as Orphan Messages. Orphans are events that Logalot needs to be instructed on how to process.
From the Orphan window, the Logalot Administrator clicks on an Orphan to create a policy. This is done by selecting only part of the message that Logalot will attempt to match future collected messages against.
When a new message comes in, it is run past all the policies. All devices sending messages that violate the same policy are listed under the same bulletin board entry. If a match is found, action is taken:
- Post to the bulletin board
- Delete the message
- Save the message, but don't post it to the bulletin board
If a message is posted to the bulletin board, notification can occur if one of two conditions is met:
- The threshold is met (e.g. 10 occurrences of this message) over any length of time
- The threshold is met within a specified time period (e.g. 8 occurrences of this message within a 5 minute interval)
The next event/syslog message that violates this policy will cause this policy to post itself to the bulletin board in the color specified. It's very simple.
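The flow described above (orphans, policy match, the three actions, and the two threshold conditions) can be sketched as follows. This is an added example, not Logalot's code: the class names, plain substring matching, the restart of counting after a notification, and the sample messages are all assumptions made for illustration.

```python
from collections import deque
from dataclasses import dataclass, field

@dataclass
class Policy:
    pattern: str           # fragment selected from an orphan message
    action: str = "post"   # "post", "delete" or "save"
    threshold: int = 1     # occurrences needed before notifying
    window: float = 0.0    # seconds; 0 = over any length of time
    hits: deque = field(default_factory=deque)  # timestamps of counted matches
    devices: set = field(default_factory=set)   # senders under one board entry

    def record(self, ts, device):
        self.devices.add(device)
        self.hits.append(ts)
        while self.window and ts - self.hits[0] > self.window:
            self.hits.popleft()    # drop matches that fell out of the window
        if len(self.hits) < self.threshold:
            return False
        self.hits.clear()          # assumption: counting restarts after notifying
        return True

class Engine:
    def __init__(self, policies):
        self.policies, self.orphans, self.saved, self.board = policies, [], [], {}

    def process(self, ts, device, message):
        for p in self.policies:
            if p.pattern not in message:   # assumption: plain substring match
                continue
            if p.action == "save":
                self.saved.append((ts, device, message))
            if p.action != "post":
                return p.action            # "delete" discards, "save" keeps quietly
            self.board[p.pattern] = p.devices
            return "notify" if p.record(ts, device) else "post"
        self.orphans.append((ts, device, message))  # no policy matches yet
        return "orphan"

def demo():
    # Constructed sample feed: (seconds, device, message text)
    eng = Engine([Policy("Failed password", threshold=3, window=300),
                  Policy("link up", action="delete")])
    feed = [(0, "fw1", "sshd: Failed password for root"),
            (100, "fw2", "sshd: Failed password for admin"),
            (150, "sw1", "eth0 link up"),
            (200, "fw1", "sshd: Failed password for root"),
            (900, "sw1", "fan failure detected")]
    return eng, [eng.process(*m) for m in feed]
```

In the sample feed, the third failed login arrives within 300 seconds of the first and triggers the notification, while the unmatched fan message stays an orphan until a policy is created for it.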










