DESCRIPTION:

Sometimes people want to be notified immediately when certain things happen in their LogicMonitor account. For example: adding/deleting devices, adding/deleting users, changing thresholds or datasources.

Be aware that the existing feature called “Audit Log Report” is recommended if these limitations are acceptable:

  • The most frequent schedule is once per day (vs. immediately when the event happens)
  • The report is sent even if it’s empty (i.e. no events that meet your search criteria)
  • The search syntax has some limitations and can be tricky to figure out

How does it work? It’s an EventSource using a Groovy script, which uses the API to check the audit log every X minutes. It looks for specific strings that appear in the description column. Other criteria could be added by modifying the script.

INSTRUCTIONS:

  • Download this EventSource file and add it into your account (Settings > EventSources > Add > from file)
  • Apply it to ONE of your devices where you want to see it. I suggest you apply it to the collector since that’s where it runs. Adjust the polling interval as desired. I suggest 5 or 10 minutes.
  • If you haven’t already, create an API user account and get the API tokens (ID and key). Make sure this user has permissions to ‘Audit Logs’.
  • Set these properties on the device or at the root of the device tree so the script can grab them. You can change the property names, but they must match the names used in the script.
    • lm.account
    • api.id
    • api.key
  • Set one or more of these properties as desired:
    • device_add = warn   (or error or critical)
    • device_delete = warn
    • user_create = warn
    • user_delete = warn
    • user_changed = warn
    • threshold_changed = warn
    • datasource_changed = warn
  • Test by doing one of these actions and make sure the alert shows.
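
The matching step from "How does it work?" combined with the severity properties above, as an added Groovy example (not the downloadable EventSource's own code). The match strings in `RULES`, the sample rows, the `sinceEpoch` cutoff, the plain `props` map standing in for device properties, and the `events` JSON shape printed at the end are all assumptions made for illustration.

```groovy
import groovy.json.JsonOutput
import groovy.transform.Field

// Property name -> substrings searched for in the audit log description.
// ASSUMPTION: illustrative strings, not LogicMonitor's actual audit wording.
@Field Map RULES = [
    device_add        : ['add host', 'add device'],
    device_delete     : ['delete host', 'delete device'],
    user_create       : ['add user', 'create user'],
    user_delete       : ['delete user'],
    user_changed      : ['update user'],
    threshold_changed : ['threshold'],
    datasource_changed: ['update datasource'],
]
@Field Set VALID = ['warn', 'error', 'critical'] as Set

// entries: audit log rows; props: device properties (a plain Map here so the
// example runs offline); sinceEpoch: time of the previous poll, in seconds.
List<Map> classify(List<Map> entries, Map props, long sinceEpoch) {
    def events = []
    entries.each { e ->
        if (e.happenedOn <= sinceEpoch) return   // reported by an earlier poll
        def desc = (e.description ?: '').toLowerCase()
        // Only categories whose property is set on the device can match.
        def hit = RULES.find { name, needles ->
            props[name] && needles.any { desc.contains(it) }
        }
        if (!hit) return
        def sev = props[hit.key].toString().trim().toLowerCase()
        if (!(sev in VALID)) sev = 'warn'        // typo in the property still alerts
        events << [happenedOn: new Date(e.happenedOn * 1000L).toString(),
                   severity  : sev,
                   message   : "${hit.key}: ${e.username} - ${e.description}".toString()]
    }
    events
}

// Constructed sample rows standing in for the audit log API response.
def sample = [
    [happenedOn: 1700000100L, username: 'alice', description: 'Add host web01'],
    [happenedOn: 1700000200L, username: 'bob',   description: 'Delete user carol'],
    [happenedOn: 1699990000L, username: 'alice', description: 'Add host old01'],
    [happenedOn: 1700000300L, username: 'dave',  description: 'Update datasource CPU'],
]
def props = [device_add: 'warn', user_delete: 'Critical']  // others left unset
println JsonOutput.prettyPrint(JsonOutput.toJson([events: classify(sample, props, 1700000000L)]))
```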

DISCLAIMER:

Official tech support is not provided by LogicMonitor, but I will try to help.