LOGbinder SP
SharePoint Audit Log Processing
Why do I need LOGbinder SP?
As more and more information and processes move to SharePoint, monitoring and auditing
SharePoint activity becomes critical for meeting compliance and security requirements.
Doesn't SharePoint already have an audit log?
SharePoint does have an internal audit log but it is essentially unusable due
to 6 key issues:
- SharePoint's audit log does not provide the names of users or objects.
The SharePoint audit log fails to translate record IDs, meaning you have no idea
which object or user a given event refers to!
- SharePoint's audit log is buried in SharePoint's SQL Server content database.
To ensure the integrity of audit trails, logs must be moved from the system where
they are generated to a separate and secure archive. However, in SharePoint, the
audit log isn't really a log - it's a table in the SharePoint database. This makes
it inaccessible for most log management solutions. Without the ability to collect
the SharePoint audit log into a separate, secure log archive, its value as a high
integrity audit trail is compromised.
- SharePoint's audit log has no reporting.
In Windows SharePoint Services the log is totally inaccessible, and in Office SharePoint
Services it's exposed through a few rudimentary, impractical reports in Excel.
- Windows SharePoint Services provides no interface
for enabling auditing at all. The audit log is there, but without custom
programming there's no way to turn it on, much less access the logs.
- The SharePoint audit log's built-in trimming feature can delete audit events
before they are exported. Some editions of SharePoint provide automatic log
trimming of old events, but there is no way to ensure events have been archived first.
- No way to manage audit policy. In a SharePoint farm, each site collection has
its own audit policy. Administrators have no way to enforce consistent audit policy
across all site collections. When a new site collection is created, administrators
must remember to access the site collection's audit settings page and enable auditing,
or the site will be unmonitored. This is especially troublesome for farms with
self-service site collection creation enabled, because new sites can be created
directly by users without administrator involvement.
LOGbinder SP solves all 6 of these problems and writes SharePoint audit events to
the Windows event log where your log management / SIEM solution can take over
with archival, alerting and reporting.