In-Depth

Audit for SharePoint

Learn to track changes in your SharePoint team sites and document libraries.

• By Danielle Ruest and Nelson Ruest
• 09/01/2005

Quick Facts
Syntergy Audit for SharePoint, version 1.3
Syntergy Inc.
Web: http://www.syntergy.com/sharepoint/products/current/audit/index.html
Phone: (858) 459-6356
Pricing: $7,500

Quick Facts: Audit provides much needed relief in the form of tracking changes to documents stored within Microsoft Office SharePoint Portal Server 2003 databases. It is simple to install, provides a simple user interface, and is easy to administer. It tracks any activity recorded against any document stored in the SPS database.
Pros: Audit is not the only product of its kind on the market, but it is the only one that does only document auditing. Others require you to implement a full records-management system. Easy install and easy to operate. Good level of information on tracked documents.
Cons: Only tracks document activity. Does not yet track all activity within the SharePoint Portal.

Microsoft's new version of Office SharePoint Portal Server 2003 has been making great headway into the collaboration marketplace. It's no wonder. It's fairly easy to install, scales well and provides a complete series of features for team collaboration and communication within the enterprise. There is one drawback, though: It's nearly impossible to track change within SharePoint Portals. This is because everything is stored within a Microsoft SQL Server 2000 backend database, which means traditional security event tracking tools such as the Windows Server security log cannot track changes made to any documents within the portal. Microsoft is in the early stages of a new tool, Audit Collection System (ACS), which will allow organizations to collect audit and other security events from individual Windows event logs and store them into a central SQL Server database. But ACS will be as blind to SharePoint changes as the Windows event log is now.

When it comes to activity logging in the portal, you have two choices and two choices only: "view Internet Information Services logs" and "read SQL Server transaction logs." Both leave a lot to be desired. IIS logs include any and all activity performed with the portal interface, but these activities are often performed by a single central account on behalf of the user. This is not very useful information. SQL Server transaction logs are less than friendly to say the least, and parsing through them is best left to automated programs that, unlike humans, probably don't care about the format. Where does that leave the security-conscious organization?

Don't fret. There is a solution—and a simple one to boot. Syntergy Inc. produces a nifty little tool named Audit for SharePoint. Although this tool is not the only one of its kind, it is the only one that provides only auditing features. Others include the auditing feature inside a full-fledged records-management system that integrates with SharePoint. Acquiring a records-management system just to be able to track changes in SharePoint seems like overkill, so Audit for SharePoint is a solid alternative. This tool does only one thing, but it does it well. For documents, it tracks whether it has been inserted, viewed, renamed, checked out, checked in, locked, unlocked, unchecked out, updated, or deleted. For folders, it tracks when they have been inserted, renamed, moved, or deleted. All tracking data is stored within a new table in the SharePoint database. To view the audit trail of any document, you simply click on a document link in the document library (see Figure 1). Clicking on this link takes you to the audit trail for the document at hand (see Figure 2). This lists all activity on the document or folder.

Installation is as simple as can be—simply run the administrative Windows Installer or MSI file. Once you run this file, you need to move to a special SharePoint folder on the server to run a batch file named Admin_Audit_Install.bat. This finalizes the configuration of the administrative interface. To install the client component, you use the same procedure, but this time you run the ows_Audit_Install.bat file. Finally, you need to edit the web.config file to enable the tag. This will give users access to the audit trail table in the SharePoint SQL Server database. That's it. If you have all the prerequisites in hand—which mostly consist of having a working SharePoint Portal Server site that also includes an installation of Windows Server 2003 and SQL Server 2000—your installation could be as quick as 10 to 15 minutes.

Audit for SharePoint also includes an administrative site that allows administrators to search on criteria for audit events on the entire portal or on individual sites (see Figure 3). This page also lets them filter searches to narrow them down to specific criteria. Security-conscious firms should take a close look at Audit for SharePoint because it is one of the only tools on the market that tracks changes in SharePoint. Unfortunately, its tracking is currently limited to documents and folders only. It does not track any other event such as modifying or working with task lists, contact lists and other portal features. It would be ideal to be able to track all of these events in SharePoint. Perhaps in a future version of Audit? Only Syntergy can tell at this stage.

Meanwhile, Audit for SharePoint does provide some much needed tracking for documents. The price tag might be steep for small firms, but any mid-sized to large organization that wants to make serious use of the powerful collaboration features of SharePoint should definitely include this tool in their sites.