Everyone loves auditing, it fills the content DBs with such useful information. It's like Christmas came early for the SQL storage vendors!!
Seriously, I was attempting to use PowerShell to pull Auditing settings from our farm. Who has turned it on, what trimming settings have they selected, and what items are being audited?
Pretty simple stuff:
(Get-SPSite <siteURL>) | select -expand Audit
Returns something like this for a site with no Auditing enabled
UseAuditFlagCache AuditFlags EffectiveAuditMask
———————– ————- ———————–
False None None
———————– ————- ———————–
False None None
Great. Now if you find a site with Auditing enabled, that's where things get really wonky.
If someone has selected just "Opening or downloading documents, viewing items in lists, or viewing item", you get:
If someone has selected just "Opening or downloading documents, viewing items in lists, or viewing item", you get:
UseAuditFlagCache AuditFlags EffectiveAuditMask
———————– ————- ———————–
False View View
———————– ————- ———————–
False View View
Oooookkkk, not really a bit-on flag, but let's see where this goes.
If someone enables "Editing item", it looks like this:
If someone enables "Editing item", it looks like this:
UseAuditFlagCache AuditFlags EffectiveAuditMask
———————– ————- ———————–
False Update Update
———————– ————- ———————–
False Update Update
And if someone enables "Checking out or checking in items", it looks like this:
UseAuditFlagCache AuditFlags EffectiveAuditMask
———————– ————- ———————–
False 3 3
———————– ————- ———————–
False 3 3
Well, of course it does. Looks like the helpful folks at Microsoft decided that some Auditing options will return a word, and some will return a bit-on mask. Super helpful, great, thanks. Awesome.
Fear not, I'm here to help, and help I will. Below is a handy table showing you how to figure some of this mess out. If you look at the Audit Settings section under Site Settings, this will show you what you will see from PowerShell, and what the corresponding bit on equivalent is.
Documents and Items:
PowerShell Setting in Site Settings
————- —————————
View(4) Opening or downloading documents, viewing items in lists, or viewing item properties
Update(16) Editing items
3 Checking out or checking in items
6144 Moving or copying items to another location in the site
520 Deleting or restoring items
————- —————————
View(4) Opening or downloading documents, viewing items in lists, or viewing item properties
Update(16) Editing items
3 Checking out or checking in items
6144 Moving or copying items to another location in the site
520 Deleting or restoring items
Lists, Libraries, and Sites
PowerShell Setting in Site Settings
————- ————————-
160 Editing content types and columns
Search(8192) Searching site content
SecurityChange(256) Editing users and permissions
————- ————————-
160 Editing content types and columns
Search(8192) Searching site content
SecurityChange(256) Editing users and permissions
So, using some quick bit on math you can finally start to understand, from PowerShell, what auditing options your happy Site Collections Admins have selected. Now the fun part, go figure out how much space Auditing is taking up…
Open, Edit: 20
Open, Edit, check Out: 23
Open, Edit, check Out, Moving: 6167
Open, Edit, check Out, Moving, Delete: 6687
Open, Edit, check Out: 23
Open, Edit, check Out, Moving: 6167
Open, Edit, check Out, Moving, Delete: 6687
All Lists, Libraries, and Sites: 8608
All On: 15295
All On: 15295
Hope that helps…
No comments:
Post a Comment