Auditing User Activities in SharePoint 2007

Scope

This documentation is to find or trace user activities on SharePoint website

Purpose

When we enable Audit Logs in SharePoint, we can track all the events related to additions and deletions of users/groups in SharePoint.

We can trace the same events using SQL queries queried on site content database as a SharePoint Administrator in more detailed manner.

Steps for Auditing

Below are the queries which have been used to trace the user deletions:

1.       Get the group ID and Site ID from below query

SELECT * from Groups with (nolock) where Title=’GroupName’;

2.       Get all deleted instances of that particular site scope from the below query…

SELECT * from AuditData with (nolock) where EventData like '<roleid>-1</roleid><principalid>’Principal ID’</principalid>%' and ItemType=6 and Event=’Event Id’;

3.       Get the User details with the ID ‘Owner ID’ using the below query...

SELECT * from UserInfo with (nolock) where tp_ID=’Owner ID’;

4.       Get the permissions which are deleted in the above Site Scope by USER from below Query…

SELECT * from dbo.Perms with (nolock) where ScopeId=’Scope ID';

The specified web does not contain a reporting metadata list

When you view Audit log reports on a Microsoft Office SharePoint site, you receive the following error message:

The specified Web does not contain a reporting metadata list.

Guys- one of our clients has opened an incident ticket by mentioning that he is getting the above mentioned error message. If we notice the error message carefully then you will come to know that it’s clarifying something in the direction of site template.

I have started my troubleshooting to find out that if its works properly in Team site template then which are those templates are having these problems. Let me tell you that this troubleshooting took 2-3 hours to test each and every template to find out the correct resolution.

Finally I have successfully resolved this issue and here is my analysis:

This issue may occur if any of the following templates were used to create the default site:

1.   Document Workspace

2.   Wiki

3.   Blog

4.   Records Center

Note: To view Audit log reports, click Audit log reports  on the Site Actions/ Site Settings  menu.

Resolution:

To resolve this issue, run the following STSADM command on the SharePoint server for each affected site collection:

stsadm -o activatefeature -name Reporting -url http://yourssitecollectionurl/ -force

Please check and let me know in case of any further queries/questions, Thank you. Happy SharePoint to all of you :) :)

Unexpected Error when trying to view Audit Log Reports

Guys-from last few months I am trying my best to dig in SharePoint auditing and trying to explore so many things. While exploring, I am trying to create the error message so that it will be easy for me to know the root cause and resolution too. I would like to share my research and thorough findings so that it will be helpful for everybody to minimize the headache that we experienced while troubleshooting the issue.

If you receive an Unexpected Error trying to view the Audit Log Reports on their Site Collection:

·         Access the Site Collection. 

·         Go to Site Actions >Site Settings. 

·         Select Audit Log Reports. 

Error message:

Unexpected Error returned.

Resolution:

Please use the following steps to resolve this issue:

1.   Visit <SiteURL> /_layouts/ManageFeatures.aspx?Scope=Site

Example: https:// spsites.sharepoint.com/sites/amolsp2010 /_layouts/ManageFeatures.aspx?Scope=Site

2.   Deactivate the feature: Reporting. 

3.   Activate the feature Reporting. 

4.   Visit /_layouts/AuditSettings.aspx page and verify the Audit settings. 

5.   After some time, validate the reports are working as expected.

Please let me know in case of any queries/questions regarding the above mentioned information. Thank you.

Reference:

Cannot view audit log reports on site collection: http://sharepointknowledgebase.blogspot.in/2012/07/sharepoint-2010-cannot-view-audit-log.html

How to configure auditing: http://sharepointknowledgebase.blogspot.in/2010/09/sharepoint2010-site-collection-auditing.html

SharePoint 2010-Cannot view audit log reports on site collection

Auditing-Knowing who is taking what action on which content in your site collection can be critical in helping your organization fulfill its requirements, such as meeting regulatory compliance and records management. You save an audit log report as a Microsoft Excel 2010 workbook to a library in the site collection that you specify.

Few months before, I have already written an article on auditing configuration and I really wanted to thank you for your kind responses: http://sharepointknowledgebase.blogspot.in/2010/09/sharepoint2010-site-collection-auditing.html

But now in this article, I am trying to concentrate on one of the incident which has been faced by the local team members.

The issue was: After being enabled the Audit log reports, the link to "Audit log reports” remains unavailable (does not appear) on site collection settings

See, it was very easy to troubleshoot this issue so I request you to follow the below mentioned steps and I am pretty much confident that your issue will be resolved.

Resolution:

I am providing you two options here so you can use anyone as per your flexibility.

Note: in both the options, you must be site collection administrator for the site collection.

Option1:

1.   Open command prompt ( Start-> Run and type cmd ) 

2.   Change to the SharePoint 2010 path (\programfiles\Common files\Microsoft Shared\web server extensions\14\bin) 

3.   Run STSADM.EXE -o activatefeature -name Reporting -url http://sitecollectionurl -force (this may take a while on finishing) 

Option2:

1.   On the site that the Audit log reports are going t be activated

2.   Site Actions

3.   Site settings 

4.   On Site collection administration section

5.   click on Site Collection Features 

6.   Search for the Reporting feature 

7.   Click on Activate button 

Go back to Site Actions->Site Settings and on Site Collection administration section and verify that the link is available now

Please let me know in case of any queries/questions regarding the above mentioned information. I would be more than happy to help you as well as resolves your issues J J