Configuring Auditing in SharePoint 2010

Home > Blogs > SharePoint > Configuring Auditing in SharePoint 2010

Configuring Auditing in SharePoint 2010

Like This Blog 6 Spike Xavier
Added by September 10, 2012

Auditing comes out of the box in SharePoint 2010. Although there is nothing to prevent you from doing so, auditing is not the tool to use to track what users are doing to satisfy curiosity. Auditing is something you do because you have to. It is something you are required to do in order to be compliant with a law, or standard, or some business rule. As long as we understand what we are required to audit, it's so easy to set up, even the fictional character The Mangler would do it, and he isn't one to want to comply with anything.

If you are interested in seeing how people are using your site collections and or sites, the built in Web Analytics tools are awesome in SharePoint 2010 and should give you everything you need there.

Auditing can be configured for a site collection, a list or library, or based on a content type as part of an organizations information management policy.

There are of course a few ways of going about this but I'm going to keep it simple.

In this blog I have created a site collection and based it on the Team Site template. I will configure auditing on the Shared Documents library.

I will configure auditing on the following:

  • Opening or downloading documents, viewing items in lists, or viewing item properties.
  • Editing Items
  • Checking out or checking in items
  • Moving or copying items to another location in the site
  • Deleting or restoring items.

You will have to be a Site Collection Administrator in order to complete all the tasks in this blog.

Library Settings

LibrarySettings.png

 

I click on Library > Library Settings in the Shared Documents document library.

Information Management

InformationManagement.png

 

I click on Information management policy settings

Content Type

 
ContentType.png

 

I click on Document since that's what I'm auditing.

Enable Auditing

EnableAuditing.png

 

I select the checkbox next to Enable Auditing

Select Events to Audit

SelectEventsToAudit.png

 

I select the events to audit by checking the box next to them. In this case I check all of them and then I click OK.

Verify

Verify.png

 

I verify the fact that Document has a Custom policy attached to it.

Test

Test.png

I added a bunch of documents to the Shared Documents Library, checked some out, deleted some, and restored them so now I'll check the audit log reports to make sure it's working. To do this I'll go Site Actions>Site Settings

Audit Log Reports

AuditLogReports.png

 

I click on Audit Log Reports in the Site Collection Administration section.

Deletion

Deletion.png

 

I can choose any of the reports that I want but if there is no data I will get an error saying there is not data. Since I know that I deleted and restored some items I'll choose Deletion.

Save Location

SaveLocation.png

I'll save this report to the Shared Documents Library, however in production this is where I create a document library with unique permissions so only Site Collection Administrators can see the contents. I click on Browse.

Shared Documents

SharedDocuments.png

 

I select Shared Documents and click OK.

Click OK

ClickOK.png

 

I click OK

View Report

ViewReport.png

 

I click to view the report.

the Big What Moment

theBigWhatMoment.png

 

I see a summary of my actions. The really important information however is in the Report Data Worksheet Tab so I click that at the bottom of the workbook.

View Data

ViewData.png

 

This is the report data that can be tied into IIS logs and supply any required information.

There is much more to auditing but this is a good start. It's boring but it works.

Enjoy!
Spike Xavier
SharePoint Instructor – Interface Technical Training
Phoenix, AZ

Videos You May Like

Agile Methodology in Project Management

0 117 0

In this video, you will gain an understanding of Agile and Scrum Master Certification terminologies and concepts to help you make better decisions in your Project Management capabilities. Whether you’re a developer looking to obtain an Agile or Scrum Master Certification, or you’re a Project Manager/Product Owner who is attempting to get your product or … Continue reading Agile Methodology in Project Management

Creating Users and Managing Passwords in Microsoft Office 365

0 506 3

In this Office 365 training video, instructor Spike Xavier demonstrates how to create users and manage passwords in Office 365.

Detailed Forensic Investigation of Malware Infections – April 21, 2015

4 485 3

In this IT Security training video, Security expert Mike Danseglio (CISSP / CEH) will perform several malware investigations including rootkits, botnets, viruses, and browser toolbars.

Write a Comment

See what people are saying...

  1. Avatar Mahlet

    You are Awesome!

  2. Avatar Erv Martin

    Thanks for the article. I noticed that when I run the report the logged event’s date and time is wrong. It seems to be capturing UTC time. How do I change that so it reflects the correct date time? The SP server time is correct and also the SQL server date time is set correctly.

    Thanks!

  3. Avatar samualhassi

    Thank you for sharing such very informative blog !
    With the same concern in my environment, I use an automated tool named LepideAuditor for SharePoint i.e. that helps to audit all changes made in SharePoint at granular level and provides the data in real time.
    Though, I would like to give a try for manual steps mentioned here.

  4. Avatar Vin

    What if I wanted to audit sensitive information only by keywords such as Salary, SSN etc. Is there a way to configure Auditing out of the box to handle this?

  5. Avatar AM

    what if you’re getting access denied (even though you’re the sharepoint admin) for trying to enable auditing at the site collection level…. not sure if you’re checking this blog at all since its been since 2012……..

  6. Avatar Counie

    I notice you have checked "open documents,  view items etc." at content type level.

    Doesn't this also have to be enabled at site collection level in order for the open/view audit events to be logged.

Share your thoughts...

Please fill out the comment form below to post a reply.