The problem with SharePoint was obvious, at least to a Microsoft security guy: “The security log—the auditing of Windows in particular—the data you get is so arcane and so cryptic, it takes someone who lives and breathes it to interpret it,” says Randy Franklin Smith, security expert and solution provider. “I was excited to hear that Microsoft added native security auditing to SharePoint. But it’s auditing at the database level, which is SQL Server.
“You need auditing at all levels. I looked at it and determined that it was too rudimentary to be useful to IT admins. The data isn’t translated and has to be read with code. Plus the audit log is trapped within the database. You want all your log data in one place.”
The solution was obvious, at least to a Microsoft security guy: Do something about it. So Smith created LOGBinder SP.
What does LOGBinder SP do? “We translate what happened. Say Bob the admin adds Alice to the financial group. But you see a number, not Alice—just a number that’s unique to that row in that SQL database. We’ve written the code that knows where to go to translate the numbers into data."
"We plug our little wedge of technology into the gap. LOGbinder SP is architected to quickly get audit events out of the SharePoint audit log and to the destination of your choice at which point your log management solution takes over.”
What kind of organization uses LOGBinder? “It requires a company that has realized how much critical data is moving to SharePoint.”
LOGBinder SP works in both MOSS 2007 and WSS 3.0. “WSS 3.0 has the audit capability but it’s not exposed. There’s no way to turn it on nor to get audit reports. MOSS 2007 you can turn on auditing and there are a handful of Excel reports you can get that are unreadable,” Smith says.
In SharePoint 2010, when it comes to auditing, Microsoft “added a pruning capability,” he says dismissively. Needless to say, “We will support 2010.” To learn more about LOGBinder SP, see the website.
