Download Logalot

Want to try Logalot? Contact us for an evaluation copy today!

|Orphan Events|

Click to enlarge

How It Works
Once Logalot is installed, the hardware can be configured to push messages (e.g. syslogs, SNMP traps, email, etc.) to the machine Logalot is configured on. If it is a Microsoft® server, Logalot can be configured to retrieve the events.

Initially, all messages collected by the Logalot server will show up as Orphan Messages. Orphans are events that Logalot needs to be instructed on how to process.

Click to enlarge

From the Orphan window, the Logalot Administrator clicks on an Orphan to create a policy. This is done by selecting only part of the message that Logalot will attempt to match future collected messages against.

Click to enlarge


Click to enlarge

When a new message comes in, it is runs past all the policies and if a match is found, action is taken. All devices sending messages that violate the same policy are listed under the same bulletin board entry.

	Post to the bulletin board
	Delete the message
	Save the message but, don’t post it to the bulletin board

If a message is posted to the bulletin board, notification can occur if one of two conditions are met:

	The threshold is met (e.g. 10 occurrences of this message) over any length of time
	The threshold is met within a specified time period (e.g. 8 occurrences of this message within a 5 minute interval)

The next event/syslog message that violates this policy will cause this policy to post itself to the bulletin board in the color specified. It's very simple.