Monitoring SharePoint Server activity is vital to knowing who is accessing your SharePoint sites, services and content and how they’re using your system. Tracking SharePoint performance monitoring metrics can help you identify potential problems in time to stop them from negatively affecting your business. You can also use tracking activity to monitor the adoption and usage rates of SharePoint and determine areas that need improvement.
Microsoft SharePoint offers features for collecting activity, which may prove useful for many reasons. Whether that reason is security auditing or fulfilling other compliance requirements, to make use of it, the tools must be turned on, and you need to know what you are looking for before running reports. The purpose of this blog is to show you what kind of activity monitoring solution is available for SharePoint monitoring, how to enable activity auditing, and how to make use of that information.
Events Available for Logging
- Opened and downloaded documents, viewed items in lists, or viewed item properties (The event is currently not supported for SP Online sites)
- Edited items
- Checked out and checked in items
- Items that have been moved and copied to other location in the site collection
- Deleted and restored items
- Changes to content types and columns
- Search queries
- Changes to user accounts and permissions
- Changed audit settings and deleted audit log events
- Workflow events
- Custom events (activity carried out by custom SharePoint applications)
To enable activity auditing for a site collection, you must be a SharePoint Site Collection Administrator. You can enable auditing manually or by using PowerShell.
The Manual Approach
Navigate to the settings page (settings cog in the top right) for the SharePoint site and click the Site collection audit settings link:
Then choose the events to audit:
The PowerShell Option
Use the following script to run activity auditing on a web-application basis. All children of the web application will have activity auditing enabled on it so long as they are set to inherit the permissions of the parent.
Add-PSSnapin Microsoft.SharePoint.Powershell
$webapp = Get-SPWebApplication "http://chrisbits-sp16:21378/"
$auditmask = [Microsoft.SharePoint.SPAuditMaskType]::All;
$webapp.sites | % {
$_.TrimAuditLog = $true
$_.Audit.AuditFlags = $auditmask
$_.Audit.Update()
$_.AuditLogTrimmingRetention = 30
}
Step 2: Review the Activity Logs
You can view the activity data using the ULS Viewer. There are some filtering options, so if you know what you are looking for, this tool can be valuable.
However, if you do not know what you are looking for, this raw stream of data will be very difficult to use effectively. As you can see from the screenshot above, in just a few minutes, there were over 38,000 activity events recorded in my small test environment. Accordingly, the best way to effectively use these logs is to invest in monitoring software that will analyze this data and provide meaningful reports.
How Netwrix Can Help
Netwrix StealthAUDIT for SharePoint helps you secure and govern the data your users create and access in your SharePoint network. With just this one powerful solution, you establish and maintain least-privilege access, close gaps in your security infrastructure, monitor user activity, and more. Contact us today for a free trial and see for yourself how our products can help you control database access, spot threats and pass audits.
FAQs
Yes. One option for monitoring your SharePoint environment is to use the free built-in audit log and viewer included with SharePoint. However, a third-party SharePoint monitoring tool makes it far easier to effectively track user actions, server performance and system availability.
How do I monitor activity in SharePoint?
With the native tools, you will need to enable auditing in the Site Collection settings and choose which actions, such as viewing, editing and deleting content, to monitor. Usage reports will give you an overview of how your sites and content are being used. Alternatively, you can use a third-party solution for monitoring SharePoint activity to get more actionable information and enhanced security and logging features.
How do I monitor SharePoint Online performance?
Regular server monitoring is vital for ensuring SharePoint health. You can use the SharePoint Online Management Shell to get real-time performance status information. If you need more robust monitoring, consider a third-party tool such as Netwrix StealthAUDIT, which provides additional resources for monitoring the performance of your servers and remediating issues automatically.
