Chat now with support
Chat with Support

Metalogix ControlPoint 8.2 - for Office 365 User Guide

Getting Started with ControlPoint Using Discovery to Collect Information for the ControlPoint Database Cache Searching for SharePoint Sites Managing SharePoint Objects Managing Audit Settings Managing Metadata Managing SharePoint User Permissions Data Analysis and Reporting Scheduling a ControlPoint Operation Saving, Modifying and Executing Instructions for a ControlPoint Operation Provisioning SharePoint Site Collections and Sites Using Sensitive Content Manager to Analyze SharePoint Content for Compliance Using ControlPoint Sentinel to Detect Anomalous Activity About Us

Analyzing Audit Log Contents

The ControlPoint Audit Log analysis extends SharePoint's built-in audit logging by letting you easily view entries written to the audit log.  You can focus your analysis on specific event types, and even limit the scope to include only certain objects (sites, lists, documents, etc.).

Audit logging must be enabled for each site collection whose events you want to log.

How ControlPoint Online Gathers Audit Log Data

When an Audit Log analysis is run, ControlPoint Online prompts SharePoint to gather the requested data.  The data collected by SharePoint is saved to a document library at the root site of each site collection within the scope of the analysis.  The library to which this data is saved is defined by the ControlPoint Configuration Setting HostedAuditLogReportList.

HostedAuditLogReport Library

To generate an Audit Log analysis:

1Select the object(s) for which you want to view audited events.  

NOTES:

§If the scope of your analysis includes site collections that have been deleted, audit events associated with that site collection will no longer exist.

§As with all ControlPoint analyses, if you initiated the analysis from the farm or site collection level, all child items will be included by default.  If you initiated the analysis at the site level, only information for that site (not its subsites) will be included.  You can, however, use the Change Selection option to further refine your scope.

2Choose Audit and Alerts > Audit Log.

3Specify one or more of the following parameters for your analysis:

§select both a Start and End date ( ) and time ( ) for which you want to report

The time period for which you can generate an audit log analysis depends on how many days audit data is retained.  The ControlPoint default is 0 (meaning that audit data is never deleted), but the ControlPoint Application Administrator can specify a different value via ControlPoint Configuration Settings.  

§select the User(s) whose actions you want to audit (or leave blank for all users)

§enter a relative URL (note that you can enter a url down to the item level; you can also use an asterisk (*) at the beginning and end of a url as wildcards)

EXAMPLES

§sites/al*

§sites/alpha/shared documents/xcrSummaryReport.pdf

§select one or more Event types from the list box.  Refer to the topic Events Captured in SharePoint Log.  

CAUTION:  Although you have the option of viewing ALL events, if you select this option your result set may be extremely large.  One reason is that SharePoint records some events (such as a View) as a series of several events.  Also, some event types (such as Update) may encompass a wide variety of events.

Audit Log PARAMETERS - Cloud

§If you want the report generated by SharePoint to be deleted from the SharePoint library(ies), check Delete report generated by SharePoint.

NOTE: ControlPoint saves the SharePoint report to a file that includes a date stamp.  Therefore, if you leave this box unchecked, a new report will be saved to the library(ies) each time the analysis is run (that is, it will not replace a previously-saved report).

Now you can either:

·run the operation immediately (by clicking the [Run Now] button)

OR

·schedule the operation to run at a later time or on a recurring basis.

OR

·save the operation as XML Instructions that can be executed at a later time.

Information in the Audit Log analysis

The Audit Log analysis contains the following information:

§the Date and time that the event occurred

§the User responsible for the event

§the Event type

§the Scope of the event, which may be:

§site collection (Site)

§site (Web)

§List

§Folder, Document, or List Item

§the name of the Site Collection and Site on/within which the event occurred.

§the relative URL for the list or document/item.

NOTE:  If auditing has been enabled at the site collection level, the URL for the document or item will display.  If auditing has been enabled at the site level or below, the URL for the list itself (but not the document or item within the list) will display.

Depending on the event type, additional detail may display beneath each line item.

 

Analyzing Change Log Contents

The ControlPoint Change Log lets you view the contents of SharePoint change logs for one or more selected event types.

To generate a Change Log analysis:

1Select the object(s) for which you want to view change log entries.  

2Choose Audit & Alerts > Change Log Analysis.

3Specify one or more of the following parameters for your analysis:

§select both a Start and End date ( ) and time ( ) for which you want to report

The time period for which you can generate a change log analysis depends on how many days change log data is retained.  ControlPoint relies on the history maintained by SharePoint.  SharePoint for Office 365 retains Change Log data for 60 days.

§enter a relative URL (note that you can enter a url down to the item level; you can also use an asterisk (*) at the beginning and end of a url as wildcards)

EXAMPLES

§sites/al*

§sites/alpha/shared documents/SharePointPlanning.docx

§select one or more Event types from the list box.  Refer to the topic Events Captured in SharePoint Logs  for guidance in selecting the appropriate event type(s).

Change Log PARAMETERS

Now you can either:

·run the operation immediately (by clicking the [Run Now] button)

OR

·schedule the operation to run at a later time or on a recurring basis.

OR

·save the operation as XML Instructions that can be executed at a later time.

Information in the Change Log Analysis

Change Log RESULTS

The ControlPoint Change Log Analysis contains the following information:

·the Date and time that the event occurred

·the Scope of the event

·the Event type

·the individual the event was Performed By

NOTE:  For many event types, SharePoint change logging does not record the user who performed the event.  In such cases, the value "None" will appear in the Performed By column.

·the name of the Site Collection and Site on/within which the event occurred.

·the URL for the item (if applicable).

 

Analyzing SharePoint Alerts

The following analysis tools provides information about SharePoint alerts that have been created for users in your SharePoint environment:

·SharePoint Alerts by Site lets you review alerts that have been created within one or more selected sites.

·SharePoint Alerts by User lets you review alerts that have been created for one or more specific users.

 

Analyzing SharePoint Alerts by Site

The SharePoint Alerts by Site analysis provides the following information about SharePoint alerts that have been set within one or more selected sites:

·the user for whom the alert was set

·the list or item on which the alert was set

·alert properties (including event type and frequency), and

·the date and time of the next alert.

To generate a SharePoint Alerts by Site analysis:

1Select the object(s) you want to include in your analysis.

2Choose Audits and Alerts > SharePoint Alerts by Site.

3Specify the parameters for your analysis.

Now you can either:

·run the operation immediately (by clicking the [Run Now] button)

OR

·schedule the operation to run at a later time or on a recurring basis.

OR

·save the operation as XML Instructions that can be executed at a later time.

The top level of analysis results lists all of the Web applications within the scope of your analysis.

When expanded, a list of sites on which alerts have been set displays, along with the following detail about each alert:

·the Site for which the alert was created

·the Titles of the list, and if applicable, item, for which the alert was set

·each of the Users for whom the alert was set, along with:

§the title of the Alert

§the alert Type (List or Item)

§the Event that triggers the alert and, if the alert was created for an item, the Filter (that is, the option selected for "Send Alerts for These Changes")

§the Next Alert date and time

SP Alerts by Site RESULTS

 

Related Documents