Search This Blog

Saturday, December 11, 2010

SharePoint : Auditing

Many times we want to track which users viewed and updated records and documents, and when these events occurred. To accomplish this task sharepoint provide support for auditing and include auditable events such as viewing and updating. Sharepoint provides built-in audit logging you can enable and configure at the scope of a site collection. When we enable auditing, Windows SharePoint Services writes audit event entries into an internal audit log table that is stored within the content database.
Windows SharePoint Services does not provide the functionality to see entries that are written to the audit log, a developer must write code to enable the windows sharepoint services audit logging facility. A developer must supply code and a user interface to read entries from the audit log and display this data to the site's users. But yes SharePoint Server provides a reporting function that uses Microsoft Office Excel workbooks to display and keep records of audit logs.
Enable site collection level auditing:
SPSite objSiteCollection = (SPSite)properties.Feature.Parent;
objSiteCollection.Audit.AuditFlags = SPAuditMaskType.All;
objSiteCollection.Audit.Update();
You can use bitwise logical operators to combine multiple SPAuditMaskType flags.
For example:
SPAuditMaskType objSPAuditMaskType= new SPAuditMaskType();
objSPAuditMaskType = SPAuditMaskType.View | SPAuditMaskType.Delete | SPAuditMaskType.CheckIn;
 
Enable list level auditing
using (SPSite objSiteCollection = new SPSite("http://test")) {
  using (SPWeb site = objSiteCollection.OpenWeb()) {
    SPList list = site.Lists["XYZ"];
    list.Audit.AuditFlags = SPAuditMaskType.All;
    list.Audit.Update();
  }
}
Enable auditing information per item basis:
To accomplish this we are required to create a menu item (Item Audit History) within the ECB for all documents within the site collection where the item auditing feature is activated. TO do it create a custom action as below:
<CustomAction Id="AuditingFeature.ECBItemMenu"
  RegistrationType="List" 
  RegistrationId="101"
  ImageUrl="/_layouts/images/ECB/GORTL.GIF"
  Location="EditControlBlock"
  Sequence="400"
  Title="Item Audit History">
    <UrlAction Url="~testSite/_layouts/AuditHistoryPage.aspx?ItemId={itemId}&ListId={listId}"/>
CustomAction> 
Now we are required to code AuditHistoryPage.aspx page that will be used to display the item audit history. You can refer the below code:
SPSite objSPSite = SPContext.Current.Site;
SPWeb objSPWeb = SPContext.Current.Web;
SPSecurity.RunWithElevatedPrivileges(delegate()  {
  using (SPSite objSiteCollection = new SPSite(objSPSite.ID)) {
    using (SPWeb objSite = objSiteCollection.OpenWeb(objSPWeb.ID)) {
      SPList objSPList = objSite.Lists[new Guid(listId)];
      SPListItem objSPListItem = objSPList.Items.GetItemById(Convert.ToInt32(itemId));
      SPAuditQuery objSPAuditQuery;
      SPAuditEntryCollection objSPAuditEntryCollection;
      objSPAuditQuery = new SPAuditQuery(objSiteCollection);
      objSPAuditQuery.RestrictToListItem(objSPListItem);            
      objSPAuditEntryCollection = objSite.Audit.GetEntries(objSPAuditQuery);
      foreach (SPAuditEntry objSPAuditEntry in objSPAuditEntryCollection)  {
        // get all audit entry…
      }
    }
  }
});
Thanks

2 comments:

  1. Pretty good blog, thanks for sharing the useful information related to track when some one viewed and updated records and documents. I tested an automate tool named LepideAuditor for SharePoint (http://www.lepide.com/sharepoint-audit/) which assists to audit log reports provided with the SharePoint server to preview the data in the audit logs for a site collection and get real time alerts via email to the desired recipients as soon as it detects some critical changes, or suspicious user activities.

    ReplyDelete