- Frequently Asked Questions
Where can I learn more about the SharePoint Audit Log?
What can I monitor with the SharePoint Audit Log and LOGbinder SP?
What does LOGbinder SP do to my SharePoint installation? Does it modify SharePoint?
Will it conflict with any other SharePoint extensions or modifications?
"Nothing" and "no" are the short answers. LOGbinder SP is a Windows service that
runs independently of SharePoint. There are NO changes to SharePoint whatsoever
other than configuring SharePoint's audit feature and purging the SharePoint audit
log of old events if you configure LOGbinder SP to do so.
Will LOGbinder SP slow down my server or cause other resource issues?
No, the LOGbinder SP service is a tiny executable program that efficiently checks
the SharePoint audit log for entries and uses limited resources while processing
LOGbinder SP runs at a lower priority than SharePoint, so it will never compete
with SharePoint for resources.
Your SharePoint audit policy has the biggest impact on what resources LOGbinder
needs; for each site collection, consider whether you really need to audit read/view
How secure is LOGbinder SP?
LOGbinder is fully integrated with Windows security and complies with widely accepted
secure design and coding techniques.
At installation, LOGbinder secures the folder permissions where the software files
reside. To protect LOGbinder's configuration from tampering, LOGbinder encrypts
its configuration data.
LOGbinder security requirements are greatly simplified since LOGbinder does not
store your audit log data. LOGbinder is designed to quickly get audit events
out of the SharePoint audit log and to the destination of your choice, at which
point your log management solution takes over. If you configure LOGbinder
SP to direct events to the Windows security log, you leverage the significant effort
Microsoft has invested in protecting the security log. And if you are already
collecting Windows security logs with your log management application, SharePoint
events will automatically be included when you install LOGbinder SP.
LOGbinder SP's design helps you fulfill separation of duty and audit trail integrity
requirements by quickly getting audit events off the system where they are produced
(and thus vulnerable to intruders or malicious administrators) and into your separate
and secure log management system.
Does LOGbinder SP require much configuration?
LOGbinder SP installs in about 2 minutes and only requires a few settings:
- Select which site collections for LOGbinder to translate the audit log
- Specify the user account LOGbinder should run as
How do you monitor LOGbinder SP’s health?
Check the Application log for warnings or errors from source LOGbndSE
Why doesn’t LOGbinder SP include alerting or long term archival capability?
These are functions of a log management solution. LOGbinder complements and
enhances the value of your log management solution. If you do not already have a
log management solution, we can provide a simple, inexpensive but dependable solution
from our partner and we will help you install and configure it.
How does LOGbinder SP integrate with my current log management solution?
With LOGbinder, any log management solution that supports Windows event logs, text file or syslog can
now collect, monitor, archive, and report on SharePoint audit log activity.
Also, see next Q&A.
Which output formats does LOGbinder SP currently support?
LOGbinder can output to either the Windows Security Log, syslog, text file, or a custom Windows event
log called LOGbinder SP.
How is LOGbinder SP licensed?
Does LOGbinder SP need to be installed on the SharePoint server?
You do not need to install SharePoint on a production SharePoint server.
The SharePoint object model classes that provide access to the SharePoint audit
log require code to run locally. To audit a given SharePoint farm, LOGbinder SP needs to be
installed on just one of the servers to fully audit the farm. This can be
an exisitng SharePoint production server or a new server you deploy for LOGbinder SP
(usually a virtual machine).
What user credentials must be assigned to LOGbinder SP? Why?
The account you choose for the LOGbinder service must be a member of the server's
local Administrators group. The account must also be an administrator on each
site collection being monitored. These requirements come from SharePoint in order
to access the SharePoint audit log. The account needs to be authorized to run as
a service, and if using the security log, must be authorized to write to the security
Does LOGbinder SP support multiple SharePoint site collections?
Yes. With LOGbinder SP you can configure the SharePoint audit policy and enable/disable
translation of the audit log for each site collection on the SharePoint server.