How to enable Audit functionality in SharePoint 2010
“Microsoft SharePoint Server 2010 includes four information management
policy features to help you manage your content: expiration, auditing, document
labels, and document bar codes. - msdn.microsoft.com”.
In this post I will focus on the audit capabilities in SharePoint 2010, more specifically how to enable the audit functionality.
When the audit functionally is enabled it will automatically log events and activities that is done on your content. The content could be documents, records and other items, such as task list and calendars.
What’s available for the administrator? The audit functionality can be enabled on different levels in SharePoint’s containment hierarchy. Specifically, you can enable auditing on these levels: site collection, library/list, folder, and content type.
Site Collection
On the same page you also have the option to enable audit logging for Lists, Libraries and Sites:
Library/list
Hey, wait a minute! This is not enabling auditing of all documents in this library.
True. It is more about being able to apply different events to audit, to different libraries, even when those libraries are using the same content types. Which leads us to how to apply auditing on the content type.
Content Type
Hmmm…. what happens if I have applied auditing on a content type, and now are trying to apply different rules at the library level?
Following the example above, I have enabled the “Edit items” events on the Content Type level. Going back to my library and into my library settings I find that I can’t apply specific policy settings because the library inherits the settings from the Content Type:
So, if you need to differentiate audit settings between libraries you cannot configure audit settings on the Content Type level.
Folder
A folder (in a library) is just another content type. See details above on how to configure auditing on content types.
By enabling auditing in a SharePoint environment with a large number of events, you will potentially end up with a large audit log which can affect the over all performance. It is recommended to enable audit log trimming for site collections with extensive auditing.
As you can see, the number of days of audit log data to retain is an optional field. If you don’t set this value the trimming will follow settings on the Farm level. This is done by the Farm Administrator using Central Admin.
Limit the size of the audit log
Only audit the events required to meet your needs. Which one of these events do you really need to log?
I recommend you to check out this page for details: http://office.microsoft.com/en-us/sharepoint-server-help/view-audit-log-reports-HA102039795.aspx
In this post I will focus on the audit capabilities in SharePoint 2010, more specifically how to enable the audit functionality.
When the audit functionally is enabled it will automatically log events and activities that is done on your content. The content could be documents, records and other items, such as task list and calendars.
Why
Why would you enable auditing in SharePoint? There could be different reasons, and they often depend on which vertical (e.g. Public/Government) you are located in.- Meet Regulatory and Legal requirements.
- Track how documents (and items) are used.
- Keep track of document history if documents are sent to the Content Organizer. When using the Content Organizer, the document’s version history is deleted. The audit log will be your source to the document history.
How
An Administrator has access to configure auditing, but a developer can also create custom code that read and write to the audit log. More details here: http://msdn.microsoft.com/en-us/library/ms441917.aspx.What’s available for the administrator? The audit functionality can be enabled on different levels in SharePoint’s containment hierarchy. Specifically, you can enable auditing on these levels: site collection, library/list, folder, and content type.
Site Collection
- Go to Site Actions –> Site Settings –> Site Collection Administration –> Site Collection audit settings.
- Under the Document and Items section you can enable the events you would like to audit:
On the same page you also have the option to enable audit logging for Lists, Libraries and Sites:
Library/list
- Go to [yourlibrary] –> Library Tools/Library –> Library Settings –> Permissions and Management –> Information management policy settings.
- Under the Content Types Policies section you can define a new policy or choose an existing policy (created in the site collection).
- More about how to create site collection policies later… In this example a choose “Define a policy…”
- Scroll down to Auditing where you will be able to choose the events you want to add to the audit log:
Hey, wait a minute! This is not enabling auditing of all documents in this library.
True. It is more about being able to apply different events to audit, to different libraries, even when those libraries are using the same content types. Which leads us to how to apply auditing on the content type.
Content Type
- Go to Site Actions –> Site Settings –> Galleries –> Site Content Type.
- Scroll down to Document Content Types and click on Document.
- Under Settings click on Information management policy settings:
Hmmm…. what happens if I have applied auditing on a content type, and now are trying to apply different rules at the library level?
Following the example above, I have enabled the “Edit items” events on the Content Type level. Going back to my library and into my library settings I find that I can’t apply specific policy settings because the library inherits the settings from the Content Type:
So, if you need to differentiate audit settings between libraries you cannot configure audit settings on the Content Type level.
Folder
A folder (in a library) is just another content type. See details above on how to configure auditing on content types.
Site Collection policies
You can predefine information management policies, and make them available for use within your site collection- Go to Site Actions –> Site Settings –> Site Collection Administration –> Site Collection policies.
- Click Create.
- A new page will let you predefine policies that also include more than the auditing. E.g you can create a policy for your Contracts that include both audit and retention settings. Having the policy predefined may make it easier for administrators to apply the correct policy to their content types.
Other things to consider…
Audit log trimmingBy enabling auditing in a SharePoint environment with a large number of events, you will potentially end up with a large audit log which can affect the over all performance. It is recommended to enable audit log trimming for site collections with extensive auditing.
- Go to Site Actions –> Site Settings –> Site Collection Administration –> Site Collection audit settings.
As you can see, the number of days of audit log data to retain is an optional field. If you don’t set this value the trimming will follow settings on the Farm level. This is done by the Farm Administrator using Central Admin.
Limit the size of the audit log
Only audit the events required to meet your needs. Which one of these events do you really need to log?
Audit log reports
Ok, I have enabled auditing.. how do I access my audit log?I recommend you to check out this page for details: http://office.microsoft.com/en-us/sharepoint-server-help/view-audit-log-reports-HA102039795.aspx
Resources
Configure audit settings for site collection | http://office.microsoft.com/en-us/sharepoint-server-help/configure-audit-settings-for-a-site-collection-HA010099726.aspx |
Version history erased when using Content Organizer | http://technet.microsoft.com/en-us/library/ff453933.aspx#Auditing |
SPAudit Class | http://msdn.microsoft.com/en-us/library/ms441917.aspx |
View audit log reports | http://office.microsoft.com/en-us/sharepoint-server-help/view-audit-log-reports-HA102039795.aspx |
No comments:
Post a Comment