Chat now with support
Chat with Support

Metalogix ControlPoint 8.1 - User Guide

Getting Started with ControlPoint Searching for SharePoint Sites Managing SharePoint Objects Managing Metadata Managing SharePoint User Permissions Data Analysis and Reporting Scheduling a ControlPoint Operation Saving, Modifying and Executing Instructions for a ControlPoint Operation Provisioning SharePoint Site Collections and Sites Using Sensitive Content Manager to Analyze SharePoint Content for Compliance Using ControlPoint Sentinel to Detect Anomalous Activity About Us

Analyzing Audit Log Contents

The ControlPoint Audit Log analysis extends SharePoint's built-in audit logging by letting you easily view entries written to the audit log.  You can focus your analysis on specific event types, and even limit the scope to include only certain objects (sites, lists, documents, etc.).

Audit logging must be enabled for each site collection whose events you want to log.

How ControlPoint Online Gathers Audit Log Data

When an Audit Log analysis is run, ControlPoint Online prompts SharePoint to gather the requested data.  The data collected by SharePoint is saved to a document library at the root site of each site collection within the scope of the analysis.  The library to which this data is saved is defined by the ControlPoint Configuration Setting HostedAuditLogReportList.

HostedAuditLogReport Library

To generate an Audit Log analysis:

1Select the object(s) for which you want to view audited events.  

NOTES:

§If the scope of your analysis includes site collections that have been deleted, audit events associated with that site collection will no longer exist.

§As with all ControlPoint analyses, if you initiated the analysis from the farm or site collection level, all child items will be included by default.  If you initiated the analysis at the site level, only information for that site (not its subsites) will be included.  You can, however, use the Change Selection option to further refine your scope.

2Choose Audit and Alerts > Audit Log.

3Specify one or more of the following parameters for your analysis:

§select both a Start and End date ( ) and time ( ) for which you want to report

The time period for which you can generate an audit log analysis depends on how many days audit data is retained.  The ControlPoint default is 0 (meaning that audit data is never deleted), but the ControlPoint Application Administrator can specify a different value via ControlPoint Configuration Settings.  

§select the User(s) whose actions you want to audit (or leave blank for all users)

§enter a relative URL (note that you can enter a url down to the item level; you can also use an asterisk (*) at the beginning and end of a url as wildcards)

EXAMPLES

§sites/al*

§sites/alpha/shared documents/xcrSummaryReport.pdf

§select one or more Event types from the list box.  Refer to the topic Events Captured in SharePoint Log.  

CAUTION:  Although you have the option of viewing ALL events, if you select this option your result set may be extremely large.  One reason is that SharePoint records some events (such as a View) as a series of several events.  Also, some event types (such as Update) may encompass a wide variety of events.

Audit Log PARAMETERS - Cloud

§If you want the report generated by SharePoint to be deleted from the SharePoint library(ies), check Delete report generated by SharePoint.

NOTE: ControlPoint saves the SharePoint report to a file that includes a date stamp.  Therefore, if you leave this box unchecked, a new report will be saved to the library(ies) each time the analysis is run (that is, it will not replace a previously-saved report).

Now you can either:

·run the operation immediately (by clicking the [Run Now] button)

OR

·schedule the operation to run at a later time or on a recurring basis.

OR

·save the operation as XML Instructions that can be executed at a later time.

Information in the Audit Log analysis

The Audit Log analysis contains the following information:

§the Date and time that the event occurred

§the User responsible for the event

§the Event type

§the Scope of the event, which may be:

§site collection (Site)

§site (Web)

§List

§Folder, Document, or List Item

§the name of the Site Collection and Site on/within which the event occurred.

§the relative URL for the list or document/item.

NOTE:  If auditing has been enabled at the site collection level, the URL for the document or item will display.  If auditing has been enabled at the site level or below, the URL for the list itself (but not the document or item within the list) will display.

Depending on the event type, additional detail may display beneath each line item.

 

Analyzing Change Log Contents

The ControlPoint Change Log lets you view the contents of SharePoint change logs for one or more selected event types.

To generate a Change Log analysis:

1Select the object(s) for which you want to view change log entries.  

2Choose Audit & Alerts > Change Log Analysis.

3Specify one or more of the following parameters for your analysis:

§select both a Start and End date ( ) and time ( ) for which you want to report

The time period for which you can generate a change log analysis depends on how many days change log data is retained.  ControlPoint relies on the history maintained by SharePoint.  SharePoint for Office 365 retains Change Log data for 60 days.

§enter a relative URL (note that you can enter a url down to the item level; you can also use an asterisk (*) at the beginning and end of a url as wildcards)

EXAMPLES

§sites/al*

§sites/alpha/shared documents/SharePointPlanning.docx

§select one or more Event types from the list box.  Refer to the topic Events Captured in SharePoint Logs  for guidance in selecting the appropriate event type(s).

Change Log PARAMETERS

Now you can either:

·run the operation immediately (by clicking the [Run Now] button)

OR

·schedule the operation to run at a later time or on a recurring basis.

OR

·save the operation as XML Instructions that can be executed at a later time.

Information in the Change Log Analysis

Change Log RESULTS

The ControlPoint Change Log Analysis contains the following information:

·the Date and time that the event occurred

·the Scope of the event

·the Event type

·the individual the event was Performed By

NOTE:  For many event types, SharePoint change logging does not record the user who performed the event.  In such cases, the value "None" will appear in the Performed By column.

·the name of the Site Collection and Site on/within which the event occurred.

·the URL for the item (if applicable).

 

Analyzing List Properties

The List Properties analysis provides information about one or more lists in your farm, including:

·the properties of the list, including versioning and advanced settings

·audit settings that are/are not enabled for the list.

To generate a List Properties analysis:

1Select the object(s) you want to include in your analysis.

2Choose Configuration > List Properties.

3If you want results to include only lists that meet one or more specific criteria, specify one or more of the parameters described in the following table.

If you want results to include only lists...

Then ...

whose name contains a specific text string

enter the text string in the List Name contains field.

List Summary LIST NAME

that have a particular version setting

select from the Versions Setting drop-down.

List Summary VERSION SETTINGS

of one or more specific types

select from the List Types drop-down.

List Summary LIST TYPES

Now you can either:

·run the operation immediately (by clicking the [Run Now] button)

OR

·schedule the operation to run at a later time or on a recurring basis.

OR

·save the operation as XML Instructions that can be executed at a later time.

The top level of the analysis lists each Web application, site collection, site, and list within the scope of your analysis, along with the list's Base Type.

List Summary RESULTS

When expanded, the following information is displayed for each list:

·list Properties, including versioning and advanced settings detail

List Summary PROPERTIES

·all of the available Audit Settings, with settings that are currently enabled for the list identified by a plus sign (+).

NOTE:  Audit settings that are inherited from the site collection are flagged with >.

List Summary AUDIT SETTINGS

·list Columns settings

List Summary COLUMNS

 

Generating a OneDrive Summary Report

If you The OneDrive Summary report lets you view OneDrive for Business usage information for personal sites to which you have administrator privileges, including "Share With Me" documents.

To generate this report, the ControlPoint Application Administrator must explicitly choose to include OneDrive site collections in the SharePoint Hierarchy.  (However, doing so may significantly increase SharePoint Hierarchy load time, especially if there are a large number of OneDrive site collections in the environment.)  Contact Quest Support for details.

To generate a OneDrive Summary Report:

1.Select the OneDrive site collection(s) (or the OneDrive Site Collections node if you want to include all OneDrive site collections that you administer).

2Choose OneDrive > OneDrive Summary.

3If you want to Include item level permissions, check this box.

NOTE:  If you choose this option, processing time may increase, especially if the scope of your selection contains a large number of site collections and/or documents.

Now you can either:

·run the operation immediately (by clicking the [Run Now] button)

OR

·schedule the operation to run at a later time or on a recurring basis.

OR

·save the operation as XML Instructions that can be executed at a later time.

Analysis results include the following information about each OneDrive site collection in the scope of your selection:

·the following General Info About Shared Documents:

§the owner of the site collection

§the document name, owner, and URL of each "Share With Me" document on the selected site(s).

§If you chose to Include item level permissions, the following additional information displays

·# Shared Docments

·# Private Documents

·# Total Documents

·% of Shared Documents

·the name, owner, and URL for "Share With Me" Documents.

OneDriveSummary RESULTS

Related Documents