Writing Custom Entries to the Audit Log in Windows SharePoint Services 3.0

Applies to: Microsoft Windows SharePoint Services 3.0, Microsoft Office SharePoint Server 2007, Microsoft Visual Studio 2005

Ted Pattison, Critical Path Training

May 2007

Microsoft Windows SharePoint Services provides an auditing facility that allows you to see the actions users take within the context of a site collection. Examples of user actions that you can audit automatically include viewing, updating, and deleting list items and documents, as well as viewing site pages. One important limitation of the built-in auditing facility is that it cannot audit access to application pages that are deployed within the \LAYOUTS directory.

If you want to audit the actions of users as they view your custom application pages, you must add code that writes custom audit entries into the Windows SharePoint Services audit log. You can write custom audit entries within the context of any auditable object, such as those of type SPSite, SPWeb, SPList, and SPListItem.

Auditable objects, such as SPSite, SPWeb, SPList, and SPListItem, expose an Audit property. This property contains a reference to an SPAudit object that exposes a method named WriteAuditEvent. Here is an example of code within a custom application page that writes a custom audit entry for a specific SPListItem object.

When you write a custom audit entry by using the WriteAuditEvent method, Windows SharePoint Services records the name of the current user by using the identity of the executing code. That means you should avoid programming techniques that elevate privileges or that use impersonation before making the call to WriteAuditEvent because that can cause the wrong user to be associated with the audit entry.

When you call WriteAuditEvent, the first argument is an enumeration value of type SPAuditEventType, which indicates the type of audit entry you are making. The second parameter is a string that allows you to indicate the name of the audit source.

The third parameter passed to the WriteAuditEvent method is an open-ended string value that you can use to pass whatever custom data you want to record for a custom log entry. This allows you to pass a domain-specific XML document to track any type of information you want when writing an entry to the audit log for a particular event.

As you write custom XML documents into entries in the audit log, you also must provide the complementary code that reads these audit entries and interprets the data within these XML documents.

Watch the Video

Length: 5:15 | Size: 17.3 MB | Type: WMV