VIEWING AUDIT LOG REPORTS IN SHAREPOINT 2010

SharePoint 2010 provides the feature to audit who is taking actions with the content of a site collection. You can see this data in the audit logs.
Note
Reporting feature must be enabled to use audit logs: Go to Site Collection Features and activate “Reporting” feature.

To configure this feature, site collection administrators can use “Configure Audit Settings” page to manage the size of the audit log in the Audit Log Trimming section and specify which events to audit in the Documents and Items and Lists, Libraries, and Sites sections.

The events that you choose can be displayed in audit reports that are based on Microsoft Excel 2010 and are available from the Auditing Reports page.
The following events are available for audit log reports:
  • Opened and downloaded documents, viewed items in lists, or viewed item properties
  • Edited items
  • Checked out and checked in items
  • Items that have been moved and copied to other location in the site collection
  • Deleted and restored items
  • Changes to content types and columns
  • Search queries
  • Changes to user accounts and permissions
  • Changed audit settings and deleted audit log events
  • Workflow events
You can view Audit log reports by going to Site Collection Administration section of the root site, select Audit log reports and then select one of these following reports:
  • Content modifications: Reports changes to content, such as modifying, deleting, and checking documents in and out.
  • Content type and list modifications: Reports additions, edits, and deletions to content types.
  • Content viewing: Reports users who have viewed content on a site.
  • Deletion: Reports what content has been deleted.
  • Run a custom report: You can specify the filters for a custom report, such as limiting the report to a specific set of events, to items in a particular list, to a particular date range, or to events performed by particular users.
  • Expiration and Disposition: Reports all events related to how content is removed when it expires.
  • Policy modifications: Reports on events that change the information management policies on the site collection.
  • Auditing settings: Reports changes to the auditing settings.
  • Security settings: Reports changes to security settings, such as user/group events, and role and rights events.
Once you view an report, you can find out the following information:
  • Site from which an event originated
  • Item ID, type, name, and location
  • User ID associated with the event
  • Event type, date, time, and source
  • Action taken on the item

Note: It provides information about when an item is changed, but not the details of what has changed.

Enjoy!!!
Nhat Phan