SharePoint Audit Log Storage

The SharePoint audit log is completely internal to SharePoint; in fact it is stored in the SharePoint content database.

The fact that the audit log resides in the content database raises resource and security issues. Audit logs can be extremely voluminous which, left unchecked, can artificially inflate the SharePoint content database consuming costly amounts of SQL Server storage and slowing down SharePoint response time and operations.

Moreover, wide accepted security best practice dictates that we remove audit logs as quickly as possible (if not in a near real-time stream) to a separate and secure log repository for the purpose of protecting the integrity of the audit logs from intruders and/or malicious administrators.

As with all audit logs, it is critical for security and compliance requirements to get the audit log out of SharePoint and into the organization’s SIEM/log management solution. To solve this and other needs with SharePoint I started LOGbinder and designed LOGbinder for SharePoint.

Upcoming Webinars

Additional Resources

Audit Log

•	Reporting
•	Storage
•	Purging & Archival
•	Alerting

User name:
Password:
	/ Forgot?
	Register

April 2024 Patch Tuesday	"Patch Tuesday - One Zero Day and Record Number of Patches! " - sponsored by LOGbinder

Follow @randyfsmith

About | Newsletter | Contact

Ultimate IT Security is a division of Monterey Technology Group, Inc. ©2006-2024 Monterey Technology Group, Inc. All rights reserved.
Disclaimer: We do our best to provide quality information and expert commentary but use all information at your own risk. For complaints, please contact abuse@ultimatewindowssecurity.com.