|Orphan Events|

How It Works
Once Logalot is installed, the hardware can be configured to push messages (e.g. syslogs, SNMP traps, email, etc.) to the machine Logalot is configured on. If it is a Microsoft® server, Logalot can be configured to retrieve the events.

Initially, all messages collected by the Logalot server will show up as Orphan Messages. Orphans are events that Logalot needs to be instructed on how to process.

Click to enlarge

Click to enlarge

From the Orphan window, the Logalot Administrator clicks on an Orphan to create a policy. This is done by selecting only part of the message that Logalot will attempt to match future collected messages against.

When a new message comes in, it is runs past all the policies and if a match is found, action is taken. All devices sending messages that violate the same policy are listed under the same bulletin board entry.

	Post to the bulletin board
	Delete the message
	Save the message but, don’t post it to the bulletin board

If a message is posted to the bulletin board, notification can occur if one of two conditions are met:

	The threshold is met (e.g. 10 occurrences of this message) over any length of time
	The threshold is met within a specified time period (e.g. 8 occurrences of this message within a 5 minute interval)