Automated Diagnostics and Remediation Overview

Last updated - 27 May, 2026

Automated Diagnostics and Remediation provides immediate insights into issues that are outside the coverage of automated alerts by collecting data and enabling you to diagnose and remediate issues in your LogicMonitor portal. The real-time data ensures efficient issue resolution and improved system reliability.

You can manually configure a DiagnosticSource and a RemediationSource module and also import LogicMonitor-supported out-of-the-box packages. You can run the configured modules to collect data to diagnose and remediate issues for resources. LogicMonitor-supports manual and automatic running of these modules. You can configure Action Rules and Action Chains to automatically run DiagnosticSources and RemediationSources based on the alert conditions specified in the Action Rule. After the modules run, you can view the output and run history for the past 30 days for the resource.

DiagnosticSources and RemediationSources

You can configure a DiagnosticSource and a RemediationSource using Groovy or PowerShell scripts to target specific issues such as high CPU utilization or increased memory usage. For more information, see DiagnosticSources Configuration.

In addition, LogicMonitor provides the following out-of-the-box DiagnosticSources that you can import:

• Linux SSH Trace Route—Provides information about the route packets take to reach a network host on a Linux system.
• Linux SSH Top CPU and Memory—Provides information about running processes on a Linux system.
• Linux SSH IP Link—Provides information about network interfaces on a Linux system.
• Microsoft SQLServer Queries—Returns the top longest-running cached queries by total execution time.
• Microsoft SQLServer Blocked Processes—Returns blocking sessions in a Microsoft SQL Server instance.
• Microsoft Powershell – Network Interfaces—Provides information about network interfaces and their configuration on a Windows system.
• Microsoft Powershell – Top CPU and Memory—Provides information about running processes with highest CPU and memory usage on a Windows system.
• Microsoft Powershell – Top Event Logs—Displays the ten most recent critical and error events from the Windows Security, System, and Application Event logs for comprehensive system monitoring.
• Microsoft Powershell – User Privilege Change—Monitors and reports all user privilege escalations and security-related changes from the Windows Security Event logs over the last seven days for audit and compliance purposes.

LogicMonitor provides the following out-of-the-box RemediationSources that you can import:

• Restart Linux Device—Runs the reboot command on a Linux system.
• Kill Linux Process—Terminates a process on a Linux system.
• Launch Linux Process—Launches a process on a Linux system using nohup.
• Restart Windows Device—Restarts a Windows device using PowerShell remoting.
• Suspend Windows Server Cluster Node—Drains and suspends a node in a Windows Failover Cluster.
• Resume Windows Server Cluster Node—Resumes a suspended node in a Windows Failover Cluster and brings it back online.
• Launch Windows Process—Launches a process or starts a Windows service.
• Kill Windows Process—Terminates a process or service on a Windows system.
• Microsoft Windows Disk Cleanup—Performs disk cleanup operations on Windows systems by removing temporary files, cleaning Windows updates cache, emptying Recycle Bin, and clearing system temporary folders to free up disk space.

For more information, see Importing a Module.

You can manage DiagnosticSources and RemediationSources to keep them up to date. For more information, see Modules Management.

Action Rules and Action Chains

You can configure Action Rules to define conditions where an alert automatically runs a DiagnosticSource and RemediationSource and associate the results with the resource. For more information, see Action Rule Configuration.

Similarly, you can configure Action Chains to define stages of automated actions that include both DiagnosticSources and RemediationSources. When an alert matches conditions specified in an Action Rule, the Action Chain runs to diagnose and remediate the issue. For more information, see Action Chains Configuration.

Manual and Automated Execution of DiagnosticSources and RemediationSources

You can run DiagnosticSources and RemediationSources to collect data, find the root cause of issues, and remediate them. LogicMonitor supports the following methods:

• Manual—You can manually run a DiagnosticSource and RemediationSource script both from the Resources page and Alerts page for a resource that has DiagnosticSources and RemediationSources applied. For more information, see DiagnosticSource Execution for Resources.
• Automated—You can configure Action Rules and Action Chains to automatically run DiagnosticSources and RemediationSources based on alert rules for resources that have DiagnosticSources and RemediationSources applied.

When the scripts are run, you can view the output. You can also view the history of scripts run on a resource for a specific time range. The history provides details of the issues, the diagnosis performed to identify the root cause, and the remediation performed to solve the problem. You can view the output in JSON or plain text format. You can select the format that best fits your needs.

Automated Diagnostics and Remediation Usage Data

You can view the usage metrics for Automated Diagnostics and Remediation on the Usage page of your LogicMonitor portal. The usage metrics display the daily execution count of DiagnosticSources and RemediationSources for your monitored resources in real time. You can view the contracted daily quota of executions, the current daily execution count, and historical executions for the current month and the previous 12 months.

Windows and Linux Diagnostics and Remediation Monitoring Packages

The Windows Diagnostics and Remediation Monitoring packages provide PowerShell-based diagnostics and remediation for Microsoft Windows and Windows Server environments, enabling you to automate corrective actions such as process and service control, cluster node maintenance, and system restarts.

The Linux Diagnostics and Remediation Monitoring packages provide SSH-based diagnostics and remediation for Linux hosts, enabling remote execution of commands to manage process lifecycles and system availability.