If you’re a LogicMonitor customer, the platform’s Audit Logs may seem like a rudimentary means to track user actions, but they can actually be a powerful tool for troubleshooting and getting historical data within your portal. For instance, let’s say you notice that the alerting for a particular device group has been unexpectedly disabled. You don’t know how long it’s been in that state or whether it was left off intentionally, and you need to determine when and why that change was made as soon as possible. Another example: you need to get all the historical information for a dashboard, including when it was created and whether it was cloned or created from scratch. How would you get either of these pieces of information?
With Audit Logs.
As the definitive record of actions taken within a portal, Audit Logs give an unparalleled view into the history of any object and user within your portal. Even better, they’re easy to use with multiple ways to access them.
Accessing the LogicMonitor Audit Logs
First off, Audit Logs can be queried from the LogicMonitor API. These results can be further refined for post-processing and analysis. From within the portal, there are two main ways to access Audit Logs, from the Audit Logs page and with Audit Log Reports.
From here, you can search on any object within the portal from the past several months. I know what you’re thinking; what if I need to search further than one or two months into the past? Never fear, the Audit Log Report has you covered. More on that in a bit.
The Audit Log page has a built-in user filter as well, so you can select individual users to narrow results. Maybe you’ve had trouble finding the results you’re looking for, but you know only one of three users has the permissions necessary to take that action. You can filter on those three users specifically to help find the log entry desired. After finding the desired information, you can download to a CSV file of your results or create an Audit Log Report out of your search.
Powering Up Audit Logs with Reports
The Audit Log Report is where Audit Logs get magical. You can access the Audit Logs Report through the Reports page or by selecting ‘Create Report’ on the Audit Logs page. Instead of being limited to the past several months, this report can search as far back as your LogicMonitor package alert history storage specifies. Need to look back at the history of that Service you created last year? Here’s where you can find those logs. The Audit Log Report contains the same search capability and user filter as the Audit Log page, but also allows you to generate in PDF and HTML formats as well as enabling you to sort returned results by User instead of Date.
Scheduling an Audit Log Report
Most importantly, the Audit Log Report can be set to run on a schedule. This serves several purposes. If your portal has a Resource, Dashboard, Group, User, etc that has had a lot of action recently, and you want to keep tabs on it, you can build a report and set it to update you on a regular basis with a log of all actions related to that object. Also, if you have Audit Log data that’s in danger of being removed from the system because of your alert history storage limits, you can generate and export an Audit Log Report on a regular basis to back up this data on your system.
All in all, Audit Logs are a powerful and underutilized tool within LogicMonitor. Take advantage of them to make managing and investigating your LogicMonitor platform even easier.
