Alert on specified Audit Log activity



We increasingly have the need to be able to determine exactly who did what and when.

For example, if alerting has been disabled for a host, it would be good if we had a record of who did this. The access log contains all the right information but does not go back far enough. Could we receive an email every time someone undertakes any activity pertaining to the configuration of LogicMonitor (preferably), or otherwise could we get a monthly digest before the access logs are lost?

Edited by Mike Suding

I'm aware of the downloading of the access log, but we have a requirement for something more akin to SYSLOG where we can quickly go back years if needs be and find out, for example, why and who disabled alerting on a product. It's a difficult conversation with a customer when this cannot be explained.

Edited by Mike Suding
  • LogicMonitor Staff

We have added more access log detail in the release that is being rolled out through the end of January. There is better logging for datasource changes and SDT changes as well as a few others. Take a look and let us know what else is useful. And as Steve mentioned, we do have plans to make this information available in scheduled reports in the future.

  • 9 months later...

In addition to scheduled reports, we would be excited to see the feature to alert based on selected Access Log events, such as datasource updates, user role updates, agent config updates, Debug facility usage, etc. These and other events can be time-critical and any mistakes made by an administrator should be corrected ASAP. So having the ability to configure alerts based on specific activities would be very helpful. I see that this Feature Request is marked as Planned. When do we expect to see this? Thank you.

  • 1 year later...
  • LogicMonitor Staff

You can now set up Audit Log reports that regularly run and send a complete or filtered set of the audit logs to a report that is delivered automatically.

http://www.logicmonitor.com/release-notes/v76/

I'm not sure about the "alert on specific kind of Audit log entry" idea. How would you distinguish between something that was done correctly, and something that wasn't, if every type of action of a certain class triggered an alert?

  • Mike Suding changed the title to Alert on specified Audit Log activity
  • 2 months later...
  • LogicMonitor Staff

I am creating an EventSource to alert on these certain specified events. I will also look into other types of events. Stay tuned. Send me a PM or email if you are interested in it.

Device add = warning 
Device delete = warning
User create = warning
User delete = warning
User suspend = warning
Threshold changed = warning
DataSource changed = warning
 

 
