About Audit Logs

Accessible from Settings | Audit Logs, LogicMonitor's Audit Logs page provides insight into recent account activity, such as user logins and configuration changes made to resources in the account. Each audit log entry provides a timestamp for the event, the username associated with the event, the IP address associated with the event, and a description for the event. For example, you could use the Audit Logs page to identify when alerting was disabled for a particular device group, or which user updated a particular device property, and so on.

The duration of time for which audit log entries are saved is determined by the "alert history storage" level associated with your LogicMonitor package. For a breakdown of "alert history storage" levels by package, visit the LogicMonitor pricing page.

Note: It is common to see consecutive login events with no log out—if the user does not explicitly log out, but simply lets the session go idle, then starts using LogicMonitor again (possibly from a different computer), a new login event will be recorded.

From the Audit Logs page, you can:

  • Filter entries based on a time range
  • Search for entries
  • Download entries for the last calendar month
  • View the details for a particular entry

Note: You can also run reports on the audit log entries. As discussed in Audit Log Report, these reports filter audit log entries using time range, user, and/or keyword criteria.

Searching for Audit Log Entries

You can search for audit log entries in one of two ways:

  • Using the search bar on the Audit Logs page (this searches the User and Description fields for each log entry)
  • Using LogicMonitor's REST API, as discussed in Get Audit Log Entries