SharePoint Audit Log Storage
The SharePoint audit log is completely internal to SharePoint; in fact it is stored
in the SharePoint content database.
The fact that the audit log resides in the content database raises resource and
security issues. Audit logs can be extremely voluminous and, left unchecked, can
artificially inflate the SharePoint content database, consuming costly amounts of
SQL Server storage and slowing down SharePoint response time and operations.
Moreover, widely accepted security best practice dictates that we move audit logs
as quickly as possible (if not in a near real-time stream) to a separate and secure
log repository, to protect the integrity of the audit logs from
intruders and/or malicious administrators.
As with all audit logs, it is critical for security and compliance requirements
to get the audit log out of SharePoint and into the organization’s SIEM/log management
solution. To solve this and other needs with SharePoint, I started LOGbinder and
designed LOGbinder for SharePoint.
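One way to do this by hand with the SharePoint server object model, as an added example (not from the original page, and not a description of how LOGbinder works): export a site collection's audit entries to a remote share, verify the export, then trim those entries from the content database. The site URL and share path are placeholders.

```powershell
# Added example. Placeholders: $SiteUrl, $ExportDir. Run in the SharePoint Management Shell.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$SiteUrl   = 'https://sharepoint.example.com/sites/finance'  # placeholder site collection
$ExportDir = '\\logcollector.example.com\sp-audit'           # placeholder share the SIEM collects from
# Audit timestamps are UTC; stop a few minutes short of "now" so in-flight events are not cut off.
$cutoff    = [DateTime]::UtcNow.AddMinutes(-5)

$site = Get-SPSite -Identity $SiteUrl
try {
    $query = New-Object Microsoft.SharePoint.SPAuditQuery($site)
    $query.SetRangeEnd($cutoff)

    # Flatten each SPAuditEntry into a row the log pipeline can parse.
    $rows = @(foreach ($e in $site.Audit.GetEntries($query)) {
        [pscustomobject]@{
            OccurredUtc = $e.Occurred.ToString('o')
            SiteId      = $e.SiteId
            UserId      = $e.UserId
            Event       = $e.Event.ToString()
            ItemType    = $e.ItemType.ToString()
            ItemId      = $e.ItemId
            DocLocation = $e.DocLocation
            EventData   = $e.EventData
        }
    })

    if ($rows.Count -eq 0) {
        Write-Output "No audit entries older than $($cutoff.ToString('o'))"
        return
    }

    $file = Join-Path $ExportDir ('audit_{0}_{1:yyyyMMddTHHmmssZ}.csv' -f $site.ID, $cutoff)
    $rows | Export-Csv -Path $file -NoTypeInformation -Encoding UTF8

    # Trim the content database only after the export is confirmed complete on the remote side.
    $written = @(Import-Csv -Path $file).Count
    if ($written -ne $rows.Count) {
        throw "Export incomplete ($written of $($rows.Count) rows); audit log left untouched."
    }
    $deleted = $site.Audit.DeleteEntries($cutoff)
    Write-Output "Exported $written entries to $file; trimmed $deleted from the content database."
}
finally {
    $site.Dispose()
}
```

For a very large audit log, narrow each run with `SetRangeStart` as well so the query is processed in smaller time windows.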