Tag Archives: Audit

SPAuditAPI – Read SharePoint audit logs from JavaScript over REST

Recently I wanted to query Audit data from the web browser client and learned no native REST API was available. So I created one. Below is a demonstration video and a link to the full source code.

This web API lets us execute the server object model SPAuditQuery() method through an HTTP POST and provide optional filter parameters. More filters give a narrower match and a faster server response. We want to be specific, even if only with a default time range (for example, the past 30 days), to improve user experience and reduce system load.

Cheers!

Source Code

 

Video

 

Context Diagram

[Image: context diagram]

Screen Shots

[Images: four screenshots]

Apply standard Audit Events to all sites

Standardized settings are essential for organizational compliance needs. All sites should be treated the same, with minimum settings enforced. The PowerShell script below enables Audit Event tracking and applies the same setting to all sites in the farm. Enjoy!

#===============================================
#  Set all Site Collection Audit Flags
#===============================================
#  Filename:	Set_SiteCollectionAuditFlags.ps1
#  Purpose:		Apply standard Audit Events for all sites in the farm
#  Author:		spjeff@spjeff.com
#  Modified:	03-09-2015
#===============================================
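# Load the SharePoint cmdlets when run outside the SharePoint Management Shell
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
Write-Host "Getting sites ... " -NoNewLine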
$sites = Get-SPSite -Limit ALL
Write-Host "[OK]"
$start = Get-Date
$i = 0
$changes = 0
# All events without View: AuditMask = 16379
# View adds 4, so AuditMask with View = 16383
# -bor combines the flag bits (same result as -bxor here, since no bit repeats)
$auditMask = [Microsoft.SharePoint.SPAuditMaskType]::CheckOut `
-bor [Microsoft.SharePoint.SPAuditMaskType]::CheckIn `
-bor [Microsoft.SharePoint.SPAuditMaskType]::Delete `
-bor [Microsoft.SharePoint.SPAuditMaskType]::Update `
-bor [Microsoft.SharePoint.SPAuditMaskType]::ProfileChange `
-bor [Microsoft.SharePoint.SPAuditMaskType]::ChildDelete `
-bor [Microsoft.SharePoint.SPAuditMaskType]::SchemaChange `
-bor [Microsoft.SharePoint.SPAuditMaskType]::SecurityChange `
-bor [Microsoft.SharePoint.SPAuditMaskType]::Undelete `
-bor [Microsoft.SharePoint.SPAuditMaskType]::Workflow `
-bor [Microsoft.SharePoint.SPAuditMaskType]::Copy `
-bor [Microsoft.SharePoint.SPAuditMaskType]::Move `
-bor [Microsoft.SharePoint.SPAuditMaskType]::Search
# Open all site collections, loop for each site, if AuditMask is not our standard of 16379 or 16383 
# then set AuditMask to standard value of 16379
foreach ($site in $sites) {
	# Progress Tracking
	$i++
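	$prct = [Math]::Round((($i / $sites.Count) * 100.0), 2)
	$elapsed = (Get-Date) - $start
	# Projected total run time, minus time already spent, gives time remaining
	$total = ($elapsed.TotalSeconds) / ($i / $sites.Count)
	$remain = $total - $elapsed.TotalSeconds
	$eta = (Get-Date).AddSeconds($remain)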
	
    # Operation
 	if ( ($site.RootWeb.Audit.AuditFlags -ne 16379) `
	-and ($site.RootWeb.Audit.AuditFlags -ne 16383) )
	{
		$site.RootWeb.Audit.AuditFlags = $auditMask
		$site.RootWeb.Audit.Update()
		$changes++
	}
	
	# Display
	Write-Progress -Activity "Site $($site.Url) ETA $eta" -Status "$prct" -PercentComplete $prct
	# Release the SPSite object so memory is not held across a large farm
	$site.Dispose()
}
Write-Host "Total Changes: $changes"
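
A read-only companion to the script above, added here as an example and not part of the original post: it decodes an AuditFlags value into event names and reports which baseline events a site is missing, so drift can be reviewed before anything is changed. The URLs and flag values are constructed, the function name Get-AuditMaskDrift is hypothetical, and the bit values are the SPAuditMaskType values behind the 16379 and 16383 totals in the script.

```powershell
# Added example: audit-mask drift report. Needs PowerShell 3.0+, not SharePoint.
# Bit values match the script's arithmetic: all 14 events = 16383, View = 4.
$AuditBits = [ordered]@{
    CheckOut = 1; CheckIn = 2; View = 4; Delete = 8; Update = 16
    ProfileChange = 32; ChildDelete = 64; SchemaChange = 128
    SecurityChange = 256; Undelete = 512; Workflow = 1024
    Copy = 2048; Move = 4096; Search = 8192
}
$Standard = 16379   # the script's baseline: every event except View

# Hypothetical helper: compares one site's flags against the baseline bit by bit
function Get-AuditMaskDrift {
    param(
        [Parameter(Mandatory = $true)][string]$Url,
        [Parameter(Mandatory = $true)][int]$AuditFlags
    )
    $missing = @()
    $extra = @()
    foreach ($name in $AuditBits.Keys) {
        $bit = $AuditBits[$name]
        $required = ($Standard -band $bit) -ne 0
        $present = ($AuditFlags -band $bit) -ne 0
        if ($required -and -not $present) { $missing += $name }
        if ($present -and -not $required) { $extra += $name }
    }
    [pscustomobject]@{
        Url       = $Url
        Flags     = $AuditFlags
        Compliant = ($missing.Count -eq 0)   # extra events do not break the baseline
        Missing   = $missing -join ','
        Extra     = $extra -join ','
    }
}

# Constructed sample inventory (hypothetical URLs and flag values)
$inventory = @(
    @{ Url = 'http://portal.example/sites/hr';      AuditFlags = 16379 }
    @{ Url = 'http://portal.example/sites/finance'; AuditFlags = 16383 }
    @{ Url = 'http://portal.example/sites/legacy';  AuditFlags = 24 }
    @{ Url = 'http://portal.example/sites/new';     AuditFlags = 0 }
)
$report = $inventory | ForEach-Object {
    Get-AuditMaskDrift -Url $_.Url -AuditFlags $_.AuditFlags
}
$report | Format-Table -AutoSize
```

The bitwise comparison treats any mask that contains the baseline as compliant, which generalizes the script's check for the two exact values 16379 and 16383.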