Configure Audit Settings for SharePoint 2013 Sites using PowerShell
Audit log feature in SharePoint helps us to analyze how SharePoint contents are being used by users or to track documents and users in accordance to compliance requirements.
SharePoint 2013 audit log configuration is explained in my another post: Configuring Audit Logs Feature in SharePoint 2013 . Lets see how to enable auditing feature in SharePoint 2013 using PowerShell.
Configure Audit log Settings for All Sites in SharePoint 2013
For all available audit masks, refer MSDN: https://msdn.microsoft.com/en-us/library/microsoft.sharepoint.spauditmasktype.aspx
Add-PSSnapin Microsoft.SharePoint.Powershell -ErrorAction SilentlyContinue $SiteCollURL="http://intranet.crescent.com" #Get the site collection $Site = Get-SPSite $SiteCollURL #Define Audit Events $AuditLogEvents = "Delete", "Update" $Site.Audit.AuditFlags = $AuditLogEvents $Site.Audit.Update() #Set Trimming Options $Site.TrimAuditLog = $true $Site.AuditLogTrimmingRetention = 10
Configure Audit log Settings for All Sites in SharePoint 2013
$WebApp = Get-SPWebApplication "http://sharepoint.company.com" $AuditMask = [Microsoft.SharePoint.SPAuditMaskType]::Delete -bxor [Microsoft.SharePoint.SPAuditMaskType]::Update -boxr [Microsoft.SharePoint.SPAuditMaskType]::SecurityChange $WebApp.sites | % { $_.TrimAuditLog = $true $_.Audit.AuditFlags = $auditmask $_.Audit.Update() $_.AuditLogTrimmingRetention = 30 } }
For all available audit masks, refer MSDN: https://msdn.microsoft.com/en-us/library/microsoft.sharepoint.spauditmasktype.aspx
Is there a way to enable Auditing at the list and library level of Information Management Policy Settings?
ReplyDeleteWe are finding that when running this from a ps session from a remote server (non-shareoint)connecting to sharepoint server this does not work.
ReplyDeleteException setting "AuditLogTrimmingRetention": "Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))"
At line:9 char:1
+ $_.AuditLogTrimmingRetention = 30
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], SetValueInvocationException
+ FullyQualifiedErrorId : ExceptionWhenSetting
hi, thanks for the script.
ReplyDeletehow do i set the location to store audit reports
following the blog. appreciate the response
DeleteThis is not possible, As far as I know..
Delete