During the TAP (Technology Adoption Program) presentations, I remember the product team members telling us that if we wanted to, we could capture every click on SharePoint Server 2007. I wondered how to do this. Others have asked me the same question, so this post will help you understand how to configure SharePoint so that you capture all of the activity to one type of log or another.

However, what you shouldn't do is confuse logging with auditing. Logging has to do with capturing system events to a log for Administrators to read and understand about the health and functioning of their SharePoint farm. Auditing has to do with the capturing of user activity within the farm. While you can do a lot with logging, if you want to capture user activity, you must focus on auditing.

Configuring Auditing

Auditing is turned on at the site collection level. To turn it on, go into your site collection administrator menu, then click on Site Collection Audit Settings. Clicking this link will take you to the Configure Audit Settings screen. You need to have Site Collection Administrator permissions in order to set these configurations.

Notice that on this screen, you can specify certain events to audit, including:

• Opening documents
• Downloading documents
• Viewing list items
• Viewing list item properties
• Editing items
• Document checkout
• Document check in
• Moving items
• Deleting items
• Restoring items
• Editing content types
• Searching site content
• Editing user accounts
• Editing permissions

Notice that from a high level, you can audit user activity relating to documents, lists, sites, libraries and items. When you set these configurations, they are applied to every site and workspace, list and library in the site collection, even if the list is secured with unique permissions.

Reading Audit Reports

Audit reporting is found by clicking the Audit Log Reporting link. When you click this link, you'll be taken to the View Auditing Reports page. This page outlines a series of pre-done reports that can be generated by clicking on the link to the reports. Note that all of the reports will be displayed via Excel. We'll discuss why this is a good thing in just a moment.

The reports that you can generate are as follows:

• Content activity reports
  • Content modifications
  • Content type and list modifications
  • Content viewing
  • Deletion
• Custom reports
  • Run a custom report
• Information management policy reports
  • Expiration and disposition
  • Policy modifications
• Security and site settings reports
  • Audit settings
  • Security settings

To generate a report, click on the link of the report that you want and then it will open in Excel. In my illustration, I'll use the content viewing report. Note that this particular report contains both an audit table for reporting aggregate activity and then a report data table that shows a per item audit trail. The report data table is the data source for the audit report pivot table. Both views are listed here:

Because the audit table view is really a pivot table, you can pivot on any number of elements to learn more about the data that your viewing. In addition, because the information is now in Excel, you can publish the report to a document management server or to Excel calculation services. You can add this information to a growing list that compiles other reports from other site collections to create an aggregate report that can be used in a pivot table to better understand the auditing information that you're viewing.

In part 2, I'll demonstrate how to aggregate reports into SharePoint for better viewing and understanding of your audit information.

Bill English
Mindsharp