Wednesday, May 1, 2013

Audit log reports in SharePoint 2013

Audit log reports in SharePoint, used to check who did what. We can check, sort, filter, and analyze the data in sites, lists, libraries, content types, list items, and library files in the site collection. It is very helpful for the organization. We can also save the audit log report as excel work book in specified site collection document library
Following events are available for auditing log reports to check who did what,
  • Viewed and downloaded items/documents
  • Checked In/ checked out items, moved and copied items in list/libraries
  • Deleted, restored items
  • Work flow and custom events in site collection
  • User permission changes at site collection level
  • Content type and column changes
Following are the reports available in share point auditing
  • Content Viewing -> shows all events where a user viewed content in this site.
  • Content modifications -> shows all events that modified content in this site.
  • Content deletion -> shows all events that caused content in this site to be deleted or restored from the Recycle Bin.
  • Content type and list modifications -> shows all events that modified content types and lists in this site.
  • Information management policy modification -> shows all events related to the creation and use of information management policies on content in this site.
  • Information management policy Expiration and disposition -> shows all events related to the expiration and disposition of content in this site.
  • Security and site settings Auditing -> shows all events that change the auditing settings of Microsoft SharePoint Foundation.
  • Security and site settings Security -> shows all events that change the security configuration of Microsoft SharePoint Foundation.
  • Custom report -> shows specified filters for audit report

We can view the audit log reports by clicking on the “Audit log reports” in Site collection Administration group in Site settings.

Configure auditing:
We have option to configure track which users have taken what actions on the sites, content types, lists, libraries, list items, and library files of site collections. In Site settings we can configure the audit logging by clicking on “Site collection auditing settings” in "Site Collection Administration" section.

Configure trimming:
When we select to audit an event in site collection, it will audited each time the event occurs. It will cause to generate a large number of audit log. This could cause degrading the performance and fills the memory in hard drive. To prevent this, we need to enable the audit log trimming in site collection. We can do this in site settings -> Site collection Administration -> Site Collection audit log settings.

Select “yes” for “Automatically trim the audit log for this site?” in “Audit Log Trimming” section. Specify number of days that audit log remain.

Share this

3 Responses to "Audit log reports in SharePoint 2013"

  1. I have SharePoint foundation 2013 and cannot find Site collection audit setting under site setting

    1. You need to be a member of the Site Collection Administrators group to see that section in Site Settings.

  2. realised that SP2013 audit logs do not differentiate the View and Download Events. Is there any way we can separate this?