How to Configure Audit Logs Feature in SharePoint?
Audit log reports in SharePoint are used to track how your SharePoint site contents are being used or to meet any legal compliance requirements. Let’s see how to enable the auditing feature in SharePoint 2016 / 2013.
Enable Audit Log Feature in Central Administration:
Let’s walk through the steps of configuring the Audit Logs feature. SharePoint 2013 audit settings need to be enabled, starting from the Central Administration site.
- From SharePoint 2013 Central Administration: Under Application Management, Click on Manage service applications.
- Select “Secure Store Service application”, and click on “Properties” from the ribbon.
- Scroll down and Enable Audit section, and select the Audit log enabled box. Set the number of days to keep audit logs until purged.
- Click OK to save your changes.
Enable Auditing Feature at a Site collection level
To configure the audit log feature for a SharePoint site, do the following:
- Go to your top-level sites settings page (Site collection settings)
- Click on the “Site collection audit settings” link under Site Collection Administration.
- In configure auditing page, enable relevant events such as “Editing Items”, “Deleting or Restoring Items” checkboxes
- Once done, click on “OK” to save your changes.
View Audit Log Reports in SharePoint 2013:
After audit functionally is enabled, All selected events on SharePoint site content will be automatically logged. Then we can filter and analyze the audit data for sites, lists & libraries, content types, list items (documents) in the site collection. To view auditing reports, head on to:
- Site Settings of the Root web
- Click on Audit log reports under site collection Administration
- Pick the relevant report. You can choose custom reports as well.
You can enable auditing at site collection, library/list, folder, content type levels.
Enable Auditing at Library/List Level:
You can configure the specific events that you want to audit for lists, libraries in the site.
- Go to your library >> Library Settings >> Under “Permissions and Management” click on “Information management policy settings”
- Under the Content Types, click on the relevant content type to enable auditing on the particular item (E.g. Documents)
- Scroll down to Auditing section and choose the events you want to add to the audit log
Trim Audit Log in SharePoint:
Although auditing is a nifty feature in SharePoint, enabling auditing for a site where many events take place, may result in large audit logs that can affect the overall performance of the SharePoint farm. So, It’s recommended to enable audit log trimming for site collections. As a best practice, audit log trimming must be done in SharePoint: How to Trim audit log to Improve Performance in SharePoint
Here is the PowerShell way to manage audit settings in SharePoint: Enable auditing in SharePoint using PowerShell
Thanks for sharing!