(2012 update: Logalot is now part of Scrutinizer)
Are you getting a lot of syslogs and want to filter what you are being alerted on?
Logalot, a Centralized Log Management application, has policy management features that allow you to filter the incoming logs and alert based on the type, the number, or the content of the logs.
For this blog post, I will be focusing on the triggers for sending alerts based on the number of incoming logs.
In Logalot, there are two types of triggers for sending alerts: a Threshold trigger and a Rate trigger.
The Threshold trigger is based solely on the number of incoming logs. It can be Device-specific, and can be set to alert on every policy violation or just the first violation of the policy. A policy violation is determined by matching the policy filters of any or all of the following: message text, source address, protocol (Eventlog, Syslog, SNMP Trap, SMTP) and protocol-specific filters.
The Rate trigger fine-tunes the violation count to n violations in the defined interval (in minutes). Again, this can be defined as Device-specific (counts will be separate per device), and alerts can be processed for each violation, or just the first.
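The Rate trigger logic described above, as an added example that is not Logalot code: n violations inside the interval, counted per device or across all devices, alerting on each violation or only the first. The class and function names, the sliding-window reading of "interval", the re-arm behaviour, and the sample events are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque

class RateTrigger:
    """Fire when n policy violations land within interval_min minutes."""

    def __init__(self, n, interval_min, per_device=True, first_only=False):
        self.n, self.window = n, interval_min * 60
        self.per_device, self.first_only = per_device, first_only
        self.hits = defaultdict(deque)   # key -> timestamps of recent violations
        self.alerted = set()             # keys already alerted (first_only mode)

    def observe(self, ts, device):
        """Record one violation at ts (seconds, in order); True if an alert fires."""
        key = device if self.per_device else "*"   # separate or shared counter
        q = self.hits[key]
        q.append(ts)
        while q[0] <= ts - self.window:            # drop violations outside the window
            q.popleft()
        if len(q) < self.n:
            self.alerted.discard(key)              # assumption: re-arm once the rate drops
            return False
        if self.first_only and key in self.alerted:
            return False                           # already alerted for this burst
        self.alerted.add(key)
        return True

def run_policy(events, trigger, text_filter, protocol):
    """Return (ts, device) per alert; events are (ts, device, protocol, message)."""
    pattern = re.compile(text_filter)
    # Only events matching the policy filters count as violations.
    return [(ts, dev) for ts, dev, proto, msg in events
            if proto == protocol and pattern.search(msg) and trigger.observe(ts, dev)]

# Constructed sample events: (seconds, source address, protocol, message text)
EVENTS = [
    (0, "10.0.0.5", "Syslog", "Failed password for root"),
    (10, "10.0.0.5", "Syslog", "Failed password for admin"),
    (15, "10.0.0.9", "Syslog", "Failed password for root"),
    (20, "10.0.0.5", "Syslog", "Accepted password for bob"),
    (30, "10.0.0.5", "Syslog", "Failed password for root"),
    (40, "10.0.0.5", "Syslog", "Failed password for root"),
    (50, "10.0.0.9", "Syslog", "Failed password for root"),
    (200, "10.0.0.5", "Syslog", "Failed password for root"),
]

if __name__ == "__main__":
    for per_device in (True, False):
        for first_only in (False, True):
            trig = RateTrigger(3, 1, per_device, first_only)
            print(per_device, first_only, run_policy(EVENTS, trig, r"Failed password", "Syslog"))
```

With per-device counting, only 10.0.0.5 reaches three violations in one minute; with a shared counter the third violation overall trips the alert, even though no single device crossed the limit.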
With this flexibility in determining when to send alerts, Logalot can filter exactly when you are notified of an issue on your network.
Check out our product pages for more information on what syslog and Event log management can do for you, or call our Sales team at 207-324-8805, option 3.