We are trying to set up SharePoint auditing to audit reading of list items and are having problems finding how to turn it on.
Is this supported in the Foundation version? If so how do we activate it?
asked May 26, 2011 at 6:52
-
1The article you are linking is for SharePoint 2007...– Toni FrankolaCommented May 26, 2011 at 7:04
-
2Auditing has not changed between 2007 and 2010.– Jeroen RitmeijerCommented May 26, 2011 at 9:50
Add a comment
|
4 Answers
There is no Auditing user interface in WSS3 or SharePoint Foundation. A (very) basic interface and reporting facility is part of MOSS 2007 and SharePoint Server 2010.
However, you can enable auditing programmatically on SharePoint Foundation. This doesn't provide any reporting facility, which you will need to write yourself.
As one of the authors behind a third party SharePoint auditing tool I have investigated this thoroughly, please take the following into account:
- Auditing, as it ships with both the free and paid versions of SharePoint, is deeply flawed. There are many situations that are not audited at all or incorrectly audited.
- The audit data is stored in a very cryptic way. Even using the reporting facilities that come with the 'paid for' versions of SharePoint, the information is difficult to interpret. Also reports time out / cause errors more often than not.
If you are serious about auditing then get a third party solution. As I mentioned I work for a company who provides these kind of solutions so the usual disclaimers apply.
answered May 26, 2011 at 8:04
-
4I'd agree with what Muhimbi said, but as someone who had to write their own auditing User Interface for a project, I'd want to highlight that that is possible to write your own. That said, it took me long enough that it would've made more sense to buy in a third party app. The API isn't as disasterous as the UI is, but it still has numerous problems. See: novolocus.com/2009/12/16/more-problems-with-sharepoint-audit . When I looked at it the Muhimbi solution looked pretty good to me, but I've not used it. Commented May 26, 2011 at 8:20
-
+1 for auditing being FUBAR :-p Especially on publishing pages tho.. (and item level isnt even implemented -by design) Commented May 26, 2011 at 10:16
-
Totally agree. To expand on @Anders' comment, to implement "item level" auditing you can use event receivers to write custom audit entries. Commented May 26, 2011 at 14:51
I know this is an old post now but I had the same requirement and I have just achieved it programmatically using PowerShell:
1) Turn on item level auditing.
# Select site
$web = Get-SPWeb http://yoursiteurlhere
# Select document library
$library = $web.lists | Where { $_.Title -eq "Your Doc. Lib. Title Here" }
# Select and loop through library items
$items = $library.items
foreach($item in $items) {
# List current audit flags for item
Write-Host $item.Name $item.Audit.AuditFlags
# Modify audit flags for item
$item.Audit.AuditFlags = [Microsoft.SharePoint.SPAuditMaskType]::View
$item.Audit.Update()
# List new audit flags to confirm change
Write-Host $item.Name $item.Audit.AuditFlags
}
# Dispose of SPWeb variable
$web.Dispose()
2) Retrieve log entries
# Write header row
Write-Host "File,User,Date/Time,Event,Version"
# Select site
$web = Get-SPWeb http://yoursiteurlhere
# Select document library
$library = $web.lists | Where { $_.Title -eq "Your Doc. Lib. Title Here" }
# Loop through each library item
$items = $library.items
foreach($item in $items) {
# Loop through each audit entry
$entries = $item.Audit.GetEntries()
foreach($entry in $entries) {
# Select the properties from the audit log you want
$file = $entry.DocLocation
# Resolve audit log user ID to SharePoint site user name
$userName = $web.SiteUsers.GetByID($entry.UserId).Name
$dateTime = $entry.Occurred
$event = $entry.Event
$version = $entry.EventData
# Output selected log data
Write-Host "$file,$userName,$dateTime,$event,$version"
}
}
# Dispose of SPWeb variable
$web.Dispose()
This script outputs the results as comma separated text so that it's ready to be copied and pasted or outputted to a CSV. Warning: The document version listed in the EventData property may not match the version history numbers visible through the SharePoint site as they change.
Modifying the scripts
These scripts will turn on auditing and retrieve logs for all items in library/list. If you need to target a particular document in a document library or a single item in a list, do so with a query on the item name instead of using foreach to loop through all the items in the list/library. E.g.
$item = $library.items | where { $_.Name -eq "YourFileName.doc" }
See the MSDN SPAuditEntry page for the full list of properties you can select from the audit logs.
See the MSDN SPAuditMaskType page for the full list of audit flags you can set. To set multiple flags, list them on one line separated by the bitwise or operator: '-bxor'. E.g.
$item.Audit.AuditFlags = [Microsoft.SharePoint.SPAuditMaskType]::View -bxor [Microsoft.SharePoint.SPAuditMaskType]::Update -bxor [Microsoft.SharePoint.SPAuditMaskType]::Delete
answered Feb 29, 2012 at 11:16
-
would you please code how to output the result into csv ? Thanks very much– MaryCommented Dec 13, 2012 at 9:36
-
@Mary To output to CSV, simply replace each instance of "Write-Host" in the Retrieve Log Entries code above with "Add-Content $outputfile" and add the line "$outputfile = X:\pathtoyourfile\auditlog.csv" at the beginning. Commented Oct 14, 2013 at 15:06
You need to change the SPAudit.AuditFlags property programmatically (see the linked article for examples).
answered May 26, 2011 at 7:46
There is a codeplex project that toggles this setting for SharePoint Foundation via a Feature. It also provides some nifty UI for viewing the Audit Log in the browser- including a useful feature to view log entries for a single item from a ECB menu option.
AuditLog for SharePoint 2010 Foundation http://auditlogsp.codeplex.com/
