Events audited when audit logging is enabled (Office SharePoint Server)
Applies To: Office SharePoint Server 2007
This Office product will reach end of support on October 10, 2017. To stay supported, you will need to upgrade. For more information, see , Resources to help you upgrade your Office 2007 servers and clients.
In this article:
Auditing for a site collection
Auditing related to information management policies
Many enterprise organizations have policies and regulations that require them to track where and how users access records and documents. In particular, they need to maintain audit logs that record events such as viewing or editing documents.
Windows SharePoint Services 3.0 and Microsoft Office SharePoint Server 2007 include built-in audit-logging that you can enable and configure within the scope of a site collection. When you enable auditing, audit event entries are written into an internal audit log table that is stored in the content database. The audit event entries for a site collection are stored with all other content such as list items, documents, and Web Part customizations.
Although Windows SharePoint Services provides the basic mechanisms for auditing, it does not provide any built-in support for users to enable auditing. Because Windows SharePoint Services does not provide the ability to see entries that are written to the audit log, a developer must write code to enable the Windows SharePoint Services audit-logging facility. A developer must also supply code and a user interface to read entries from the audit log and display this data to the users of the site.
Microsoft Office SharePoint Server 2007, however, does include an administrative user interface that supports auditing at the site collection level, site, or list level, and lets you control the types of events to record in the audit log.
Auditing for a site collection
Auditing maintains a log of the actions performed on content in a site collection. Administrators can retrieve the entire history of actions — from a particular user or date range. To learn more about configuring audit settings, see Configure audit settings for a site collection (https://go.microsoft.com/fwlink/?LinkId=123914).
The following table lists events that are audited for documents and items within a site collection.
| Event | Description |
|---|---|
Opening or downloading documents |
A document is opened or downloaded. |
Viewing items in list or item properties |
Items in a list are viewed or item properties are viewed. |
Editing items |
An existing document is edited. |
Checking out |
A document is checked out. |
Checking in |
A document is checked in. |
Moving or copying items to another location in the site |
A document is moved or renamed. |
Deleting or restoring items |
An existing document is deleted or restored. |
The following table specifies the events that are audited for lists, libraries, and sites within a site collection.
| Event | Description |
|---|---|
Editing content types and columns |
Content types and columns are edited. |
Searching site content |
Site content is searched. |
Editing users and permissions |
Users and permissions are edited. |
Auditing related to information management policies
An information management policy allows users to configure audit settings for individual documents and list items based on their content type instead of the site collection settings; and auditing will be enabled for only the individual documents and list items, instead of for all items regardless of their type/business value.
When auditing is enabled as part of an information management policy, administrators can view the audit data in policy usage reports that are based on Microsoft Office Excel and that summarize current usage. Administrators can use these reports to determine how information is being used within the organization. These reports can also help organizations verify and document their regulatory compliance and investigate potential concerns.
The following table lists the events that are audited for documents and items subject to a specific Information Management Policy.
| Event | Description |
|---|---|
Opening or downloading documents |
A document is opened or downloaded. |
Viewing items in list or viewing item properties |
Items in a list are viewed or item properties are viewed. |
Editing items |
An existing document is edited. |
Checking out |
A document is checked out. |
Checking in |
A document is checked in. |
Moving or copying items to another location in the site |
A document is moved or renamed. |
Deleting or restoring items |
An existing document is deleted or restored. |
See Also
Other Resources
Item-Level Auditing with SharePoint Server 2007
View audit log reports