Hi All,
how to know who enabled or disabled the alert rules in solarwinds. I could see some of the alert rules are newly enabled in my instance. I am confused to find who enabled it. Please let me know where I can check this information
In the ALERTS & ACTIVITY menu, click Message Center.
Uncheck the boxes except for Audit Events and select a time period. In the Action type dropdown, you can select Alert enabled or Alert disabled.
Audit events are kept for 365 days by default.
This query could take awhile as it will pull all the events but this will give you every instance. You could create a custom report or resource to display.
SELECT AuditEventID, TimeLoggedUtc, AccountID, ActionTypeID, AuditEventMessage, NetworkNode, NetObjectID, NetObjectType, DetailsUrl, DisplayName, ObservationTimestamp, ObservationRowVersion, ObservationSeverity, ObservationSeverityName, Description, InstanceType, Uri, InstanceSiteId
FROM Orion.AuditingEvents
Where AuditEventMessage LIKE '%disabled alert%' OR AuditEventMessage LIKE '%enabled alert%'
