Reporting Log In and Log Off Events Using the SharePoint Audit Suite
Our SharePoint Audit product is no longer available. Instead, please check out this alternative product from our sister company: Aquaforest CheckPoint.
In part 2 of our series about New features in Muhimbi SharePoint Audit 2.0 we are diving into another unique facility that tracks when users log-in to or log-off from a SharePoint Site collection, also known as Authentication Tracking.
Although this great new functionality works straight out-of-the-box, you may want to put some thought into configuring it in a manner appropriate to your organisation’s requirements.
This blog post shows what is involved in configuring and using the Authentication Tracking facility. Part 1 of this series, tracking and reporting field level changes, is available here.
Configuration
The Authentication Tracking facility doesn’t require much configuration. However, as SharePoint is a browser based solution, there is no such thing as a ‘log-off’ event. Instead the Muhimbi Audit Suite looks at a user’s activity, or rather a lack of activity, to determine if a user has logged-off. The default setting is to record a ‘log-off’ event after 30 minutes of user inactivity, but this can be changed (at the Web Application level) using the Configure Audit Log Crawler screen in Central Administration.
You will also need to enable the tracking of Authentication events. You can do this at the global Farm, individual Web Application or even at the Site Collection Level (For details about our hierarchical configuration system see the Administration Guide.
There is one big caveat associated with how we track Authentication events. As mentioned before, we determine these kind of events based on a user’s activity, specifically the audit events logged by the user. As a result you can’t just enable the Authentication Audit event without enabling at least one other Audit Event Type, otherwise there is no activity to track. The most frequently logged audit type is the View event so it is recommended to enable that event type alongside the Authentication Type.
Reporting
The ability to track Authentication events is great, but naturally you want to be able to report on this data as well. The standard Audit Query screen that ships with the Muhimbi SharePoint Audit Suite can be used, but if you are just interested in reporting Authentication Audit events then you can also run the stock Log in and Log out report from the Run Audit Reports screen.
After running a report the results are initially presented in a browser window. To get a better overview it is recommended to click the Export Audit entries to Excel link. By default this shows a report grouped by Date and User. However, it is also possible to change the grouping options, e.g. group just by User to get a quick overview of a user’s activity over time.
Naturally it is also possible to include all other Audit events in the same report to get a full overview of what the user has been doing exactly between logging in and logging out
This concludes the high level overview of Authentication Events. If you have any questions then feel free to contact us. If you wish to learn more then just download the Trial version or read the Administration Guide, you don’t even need to register.
Clavin is a Microsoft Business Applications MVP who supports 1,000+ high-level enterprise customers with challenges related to PDF conversion in combination with SharePoint on-premises Office 365, Azure, Nintex, K2, and Power Platform mostly no-code solutions.