Chat now with support
Chat with Support

ControlPoint 8.9 - Administration Guide

Preface Configuring the Environment in Which ControlPoint Will Run The ControlPoint Configuration Site Managing Your Farm List Managing Your ControlPoint License Granting ControlPoint Access to Web Applications and Content Databases Using Discovery to Collect Information for the ControlPoint Database Cache Using Sensitive Content Manager Services Managing ControlPoint Configuration and Permissions Preparing Your Environment for Using ControlPoint Sentinel Modifying ControlPoint Configuration Settings
Changing Default Settings for Actions and Analyses Changing Default Settings to Improve Application Performance Audit Log Configuration Settings Changing Settings for Anomalous Activity Detection Restricting Functionality for Members of the Business Administrators Group Changing Default Settings for ControlPoint User Groups Changing Settings to Improve Discovery Performance Changing Settings to Accommodate Special Environmental Factors Changing Default Settings for Navigation Changing Default Settings for Compliance Managing Site Provisioning Settings Specifying Global Settings for ControlPoint Policies Setting Preferences for the ControlPoint Scheduler Miscellaneous and Custom Configuration Settings Special-Purpose Configuration Settings
Changing Trace Switch Logging Levels Archiving SharePoint Audit Log Data Troubleshooting
ControlPoint Log Files Troubleshooting Configuration Errors Troubleshooting the ControlPoint Application Interface Troubleshooting Discovery Troubleshooting SharePoint Users and Permissions Troubleshooting Site Provisioning Troubleshooting ControlPoint Operations

ArchiveAuditLog Configuration Settings

The following three settings are exclusive to ControlPoint Archive Audit Log Data processing:

·Archive Audit Log Table Connection String

·Web Applications to Include in Audit Logs

·Number of Hours Worth of Data to Archive at One Time.

For information on using these configuration settings within the context of audit log data archiving, see Archiving SharePoint Audit Log Data.

Number of Days to Keep Audit Records (AUDITMAXDAYS)

When auditing is enabled for a SharePoint site collection (either from within SharePoint or using the ControlPoint Set Site Collection Properties feature), SharePoint keeps records of audited actions and events in the content database(s). It is from this history that ControlPoint Audit Log analyses can be run.  

ControlPoint provides an option to purge audit data so that content databases are not overloaded.  By default, no purging is done (as indicated by a Value of 0). ControlPoint Application Administrators can change this retention period by modifying the Value for the ControlPoint Setting Number of Days to Keep Audit Records (AUDITMAXDAYS).

Audit history is purged up to the number of days specified by the ControlPoint Discovery process

Config Settings AUDITMAXDAYS

If the default Value is kept, the audit records will never be purged.  Keep in mind however, the longer audit history is retained, the more storage space it will use in content databases.  Alternatively, you can archive audit log data to free up storage space using ControlPoint xcUtilities.  See Archiving SharePoint Audit Log Data.

Tips for Archiving a Large Accumulation of Audit Data

If you have many months or even years' worth of accumulated data to purge, doing all of it in a single operation can be resource-intensive and can perform slowly.   It is recommended, therefore, that you initially set AUDITMAXDAYS to a larger number, then incrementally reduce that number before each subsequent Discovery run until you have reached the number of days' worth that you want to retain on an ongoing basis.

EXAMPLE:

Suppose 1,000 days' worth of audit log data has accumulated on your farm, but going forward you only want to retain 60 days' worth.  Depending on the size of your farm, purging 940 days worth of data in a single operation might significantly slow down the Discovery job. To avoid this problem, you may want to initially set the AUDITMAXDAYS Value to 800 (that is, purge 200 days' worth) of audit log data.  After the Discovery job has completed, you may want to bring the number down to 600 (that is, purge another 200 or so days' worth), and so on, until you have reduced the amount of audit log data in the database to a manageable amount.  You can then set and leave the Value at 60, saving only the amount that you want to retain on an ongoing basis.

Excluding Users from Audit Log Analyses (ExcludeUsersAudit)

By default, unless one or more users are specified in the People Picker, all SharePoint users are included in the ControlPoint Audit Log analysis.

ControlPoint Application Administrators can, however, exclude certain users from these analyses by entering the user account name(s) as the Value for the ControlPoint Configuration Setting Users to Exclude from Audit Log Analyses (ExcludedUsersAudit).  Enter multiple account names as a comma-separated list.

You may, for example, want to exclude common system accounts such as SharePoint\System.

NOTE:  You must exclude users based on full account names (sometimes known as pre-Windows 2000 account names in Active Directory), not display names.  For example, you cannot exclude system accounts by entering the display name System Account.

Config Settings ExcludeUsersAudit

Note that you can still run Audit Log analyses on excluded users if you enter them in the People Picker.  

NOTE:  Users can be excluded from permissions and activity analyses via the ControlPoint Configuration Setting Users to Exclude from Reports (EXCLUDEDUSERS).

Specifying Whether to Display Site Names in Audit Log Analyses (PROCESSAUDITNAMES)

By default, ControlPoint Audit Log analysis results include name of the Site on which audited activity occurred.  The process required for ControlPoint to collect this information is time-consuming and may affect performance, especially if the scope of the analysis is large.

PROCESSAUDITNAMEStrue

ControlPoint Application Administrators can, however, prevent this process from being carried out by changing the ControlPoint Configuration Setting PROCESSAUDITNAMES from True to False.

Config Setting PROCESSAUDITNAMES

Note that, if PROCESSAUDITNAMES is set to false, you can use the url to identify the site where audited activity occurred.

PROCESSAUDITNAMESfalse

 

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating