Sharepoint - How do we activate auditing in SharePoint Foundation 2010?
There is no Auditing user interface in WSS3 or SharePoint Foundation. A (very) basic interface and reporting facility is part of MOSS 2007 and SharePoint Server 2010.
However, you can enable auditing programmatically on SharePoint Foundation. This doesn't provide any reporting facility, which you will need to write yourself.
As one of the authors behind a third party SharePoint auditing tool I have investigated this thoroughly, please take the following into account:
- Auditing, as it ships with both the free and paid versions of SharePoint, is deeply flawed. There are many situations that are not audited at all or incorrectly audited.
- The audit data is stored in a very cryptic way. Even using the reporting facilities that come with the 'paid for' versions of SharePoint, the information is difficult to interpret. Also reports time out / cause errors more often than not.
If you are serious about auditing then get a third party solution. As I mentioned I work for a company who provides these kind of solutions so the usual disclaimers apply.
I know this is an old post now but I had the same requirement and I have just achieved it programmatically using PowerShell:
1) Turn on item level auditing.
# Select site
$web = Get-SPWeb http://yoursiteurlhere
# Select document library
$library = $web.lists | Where { $_.Title -eq "Your Doc. Lib. Title Here" }
# Select and loop through library items
$items = $library.items
foreach($item in $items) {
# List current audit flags for item
Write-Host $item.Name $item.Audit.AuditFlags
# Modify audit flags for item
$item.Audit.AuditFlags = [Microsoft.SharePoint.SPAuditMaskType]::View
$item.Audit.Update()
# List new audit flags to confirm change
Write-Host $item.Name $item.Audit.AuditFlags
}
# Dispose of SPWeb variable
$web.Dispose()
2) Retrieve log entries
# Write header row
Write-Host "File,User,Date/Time,Event,Version"
# Select site
$web = Get-SPWeb http://yoursiteurlhere
# Select document library
$library = $web.lists | Where { $_.Title -eq "Your Doc. Lib. Title Here" }
# Loop through each library item
$items = $library.items
foreach($item in $items) {
# Loop through each audit entry
$entries = $item.Audit.GetEntries()
foreach($entry in $entries) {
# Select the properties from the audit log you want
$file = $entry.DocLocation
# Resolve audit log user ID to SharePoint site user name
$userName = $web.SiteUsers.GetByID($entry.UserId).Name
$dateTime = $entry.Occurred
$event = $entry.Event
$version = $entry.EventData
# Output selected log data
Write-Host "$file,$userName,$dateTime,$event,$version"
}
}
# Dispose of SPWeb variable
$web.Dispose()
This script outputs the results as comma separated text so that it's ready to be copied and pasted or outputted to a CSV. Warning: The document version listed in the EventData property may not match the version history numbers visible through the SharePoint site as they change.
Modifying the scripts
These scripts will turn on auditing and retrieve logs for all items in library/list. If you need to target a particular document in a document library or a single item in a list, do so with a query on the item name instead of using foreach to loop through all the items in the list/library. E.g.
$item = $library.items | where { $_.Name -eq "YourFileName.doc" }
See the MSDN SPAuditEntry page for the full list of properties you can select from the audit logs.
See the MSDN SPAuditMaskType page for the full list of audit flags you can set. To set multiple flags, list them on one line separated by the bitwise or operator: '-bxor'. E.g.
$item.Audit.AuditFlags = [Microsoft.SharePoint.SPAuditMaskType]::View -bxor [Microsoft.SharePoint.SPAuditMaskType]::Update -bxor [Microsoft.SharePoint.SPAuditMaskType]::Delete
You need to change the SPAudit.AuditFlags property programmatically (see the linked article for examples).