Configuring Audit Logs Feature in SharePoint 2013

Audit log reports in SharePoint used to track how your SharePoint site contents are being used or to meet any legal compliance requirements. Let's see how to enable auditing feature in SharePoint 2013.

Enable Audit Log Feature in Central Administration:
SharePoint 2013 audit settings needs to be enabled starting from the Central Administration site.
  • From SharePoint 2013 Central Administration: Under Application Management, Click on Manage service applications.
  • Select "Secure Store Service application", and click on "Properties" from the ribbon.
  • Scroll down and Enable Audit section, and select the Audit log enabled box. Set the number of days to keep audit logs until purged.
    sharepoint 2013 central administration auditing
  • Click OK to save your changes.

Enable Auditing Feature at a Site collection level
  • Go to your top-level sites settings page (Site collection settings) 
  • Click on the "Site collection audit settings" link under Site Collection Administration. 
  • In configure auditing page, enable relevant events such as "Editing Items", "Deleting or Restoring Items" checkboxes
    sharepoint 2013 audit settings
  • Once done, click on "OK" to save your changes.

Warning: Enabling Audit events "opening or downloading documents", "viewing items in lists" or "viewing item properties" in SharePoint 2016 sites can fill up your auditing logs so quickly! So use them wisely!!

View Audit Log Reports in SharePoint 2013:
After audit functionally is enabled, All selected events on SharePoint site content will be automatically logged. Then we can filter and analyze the audit data for sites, lists & libraries, content types, list items (documents) in the site collection. To view Auditing reports, head on to:
  • Site Settings of the Root web
  • Click on Audit log reports under site collection Administration
  • Pick the relevant report. You can choose custom reports as well.
sharepoint 2013 view audit log reports
You can enable auditing at site collection, library/list, folder, content type levels.
SharePoint audit log reports missing? Well, Only site-collection administrators can view audit reports!

Enable Auditing at Library/List Level:
You can configure the specific events that you want to audit for lists, libraries in the site.
  • Go to your library >> Library Settings >> Under "Permissions and Management" click on "Information management policy settings"
  • Under the Content Types, click on the relevant content type to enable auditing on the particular item (E.g. Documents)
  • Scroll down to Auditing section and choose  the events you want to add to the audit log
    sharepoint 2013 audit document library

Trim Audit Log in SharePoint 2013:
Although auditing is a nifty feature in SharePoint, enabling auditing for a site where a large number of events take place, may result in large audit logs that can affect the overall performance of the SharePoint farm. So, It's recommended to enable audit log trimming for site collections. As a best practice, audit log trimming must be done in SharePoint: How to Trim audit log to Improve Performance in SharePoint
trim audit logs sharepoint 2013
Here is the PowerShell way to manage audit settings in SharePoint: Enable auditing in SharePoint using PowerShell

1 comment:

Please Login and comment to get your questions answered!

Powered by Blogger.