.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
Sign In
Win Surprise Gifts!!!

Top 5 Contributors of the Month
Gaurav Pal

Home >> Articles >> SharePoint >> Post New Resource Bookmark and Share   

 Subscribe to Articles

Auditing - A Built-in Feature of SharePoint

Posted By:Jean Paul       Posted Date: April 30, 2013    Points: 200    Category: SharePoint    URL: http://www.dotnetspark.com  

In this article we can explore the Audit feature of SharePoint 2010. This is a built-in feature and provides great amount of flexibility for Administrators & Developers.

In this article we can explore the Audit feature of SharePoint 2010.  This is a built-in feature and provides great amount of flexibility for Administrators & Developers.

What is Auditing in SharePoint?

Auditing involves Activity Tracking inside SharePoint environment.  The auditing reports generated can be used by Administrators or Managers to determine the usage of SharePoint resources.

By enabling Auditing we can track the activities like:
·  List Access
·  Library Access
·  Opening of Documents
·  Editing Items
·  Check In / Check Out
·  Copying / Moving / Deleting items
·  Searching
·  Editing Permissions

Following is a sample of how a detailed audit report looks:

Under the hood, SharePoint uses events and SQL server table to retrieve & save the audit entries.  Following are the topics we are discussing in this article:

·  Enable Audit
·  View Audit Entries
·  Custom Report
·  Server Object Models
·  Audit Event Types
·  Writing custom Audit entries

Enable Audit

We can enable audit for a site collection from the Site Settings > Audit Settings link.

From the Configure Audit Settings page opened specify the events to be audited.

Once you have enabled Audit you can go ahead and try accessing/modifying existing list/library items.  These activities should be triggering the Audit entry creation.

Note: Please note that in real world scenarios you should only enable the events required.  Too many event auditing queues more work to the server and can degrade the performance.

View Audit Entries

Now we can proceed to view the audit entries just created.  You can use the Audit log reports from the Site Settings page.

In the appearing page View Auditing Reports you can see there are various categories of reports like:

·  Content Modification
·  Content Viewing
·  Deletion 
·  Policy Modification etc.

Click on the Content Viewing as this time we are interested in only Viewing reports.  In the appearing dialog enter the document library where you wanted to save the report.  Click Ok to generate the report.  (The report is a document and hence a document library is required to save it)

Click on the Click here to view report link to view the report.  It should open in an XLSX document.  There are 2 tabs on the XLSX file - summary and detailed.

Custom Report

Now we can try using the Custom Report generation.  This options is useful when we need to get a report based on / or a combination of:

·  Custom List
·  Particular user
·  Date Range

Please note that under the hood SharePoint had saved all the event records.  The custom report will be filtering the records based on the user selection.
To generate the custom report, go to Site Settings > Audit log reports > Run a custom report

You should get the following page with filtering options:

You can choose the Save Location, List, Dates, Users, and Events and click the OK button to generate the report as XLSX file.

Server Object Models

The good thing is that we can use Server Object Model to interact with Audit.  Following are some of the important audit classes inside the Microsoft.SharePoint namespace.

·  SPAudit
·  SPAuditEntry
·  SPAuditEventType
·  SPAuditQuery


SPAudit is the main class which can be used to access the audit settings for the associated object.  The server object models like SPSite, SPWeb, SPList, SPDocumentLibrary contains a property named Audit which represents the underlying SPAudit settings.

The SPAudit class contains methods for the following operations:

·  GetAuditEntries() to get the audit entries
·  Update() to update modifications to audit settings

Following is the code to get audit entries:

private void GetAuditEntriesButton_Click(object sender, EventArgs e)
   SPSite site = new SPSite("http://localhost");

   SPAudit audit = site.Audit;

   var collection = audit.GetEntries();

Following is the code to update audit settings for the site:

private void UpdateButton_Click(object sender, EventArgs e)
   SPSite site = new SPSite("http://localhost");

   SPAudit audit = site.Audit;

   audit.AuditFlags = SPAuditMaskType.None;


The above code clears all Audit Events by setting the AuditFlags property to None.  After executing the code you can revisit the Site Collection Audit Settings to see that all the events are unchecked.

You can use SPAudit class to update audit settings across multiple site collections in one shot.  Plus you can automate clearing the audit entries using DeleteEntries() method.


This enumeration SPAuditEventType is needed to specify the event type of the audit entry. The enumeration contains the following members:

enum SPAuditEventType
  AuditMaskChange = 14,
  CheckIn = 2,
  CheckOut = 1,
  ChildDelete = 7,
  ChildMove = 0x10,
  Copy = 12,
  Custom = 100,
  Delete = 4,
  EventsDeleted = 50,
  FileFragmentWrite = 0x11,
  Move = 13,
  ProfileChange = 6,
  SchemaChange = 8,
  Search = 15,
  SecGroupCreate = 30,
  SecGroupDelete = 0x1f,
  SecGroupMemberAdd = 0x20,
  SecGroupMemberDel = 0x21,
  SecRoleBindBreakInherit = 40,
  SecRoleBindInherit = 0x27,
  SecRoleBindUpdate = 0x26,
  SecRoleDefBreakInherit = 0x25,
  SecRoleDefCreate = 0x22,
  SecRoleDefDelete = 0x23,
  SecRoleDefModify = 0x24,
  Undelete = 10,
  Update = 5,
  View = 3,
  Workflow = 11


SPAuditQuery represents the class to do filter fetching of audit entries. It provides the following methods and properties.

You can see that the methods are similar to the options available in custom report generation page.  The sample code using SPAuditQuery is included in the source attachment.

Writing custom Audit entries

Occasionally we needed to write custom audit information for a SharePoint solution.  In this case we can reuse the Audit Server Object Model mechanism to perform the same.

Following is the code that writes to the Audit entry.

private void WriteAuditEvent_Click(object sender, EventArgs e)
   SPSite site = new SPSite("http://localhost");

   SPAudit audit = site.Audit;

   audit.WriteAuditEvent(SPAuditEventType.Custom, "MySource", "<xml/>");

After execution you can see the new entry through invocation of the GetAuditEntries() method.  You can use the associated application to view the same.

Remark on Database Usage

The audit entries are stored inside SharePoint database.  You can view this database inside the SharePoint SQL Server instance.  The table storing the Audit records is AuditData.  For inserting your own records into the table it is recommended to use Server Object Model.


  SharePoint 2010 Audit Configuration
  SharePoint 2010 View Audit Log Reports


In this article we have explored the Audit feature of SharePoint.  I believe now you will agree that it is a good feature that saves lot of our time otherwise would have invested in writing events and persisting code.

The associated code contains the examples we have discussed.

 Subscribe to Articles


Further Readings:


No response found. Be the first to respond this post

Post Comment

You must Sign In To post reply
Find More Articles on C#, ASP.Net, Vb.Net, SQL Server and more Here

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend