Logging Events

One of the ways to troubleshoot any system is to have a robust logging system in place that can help you troubleshoot problems should they arise. One area to log for SharePoint Server 2007 is the Internet Information Services (IIS) platform. Because all the client calls come through IIS to the Windows SharePoint Services filter, you can capture who is connecting, when they are connecting, and which pages they are requesting. In addition, you can purchase third-party software that will give you more vigorous reporting capabilities.

Logging is also a security concern because you can track attack vectors that hackers might use to compromise your system. A robust logging system is essential for good security, and logging policies to be considered that relate to SharePoint Server 2007 include the following:

• Logs are required for all application systems that host sensitive information.

• Logs must support auditing requirements.

• Logs must provide accountability and traceability during an audit.

• Content of SharePoint Server 2007 logs must include specified information.

• Require a retention period for logs.

• Specify information to capture when a compromise is suspected.

• Require logging before a system can be placed in the production domain.

• Clock synchronization on all SharePoint Server 2007 servers with a master clock of all servers in production domain.

• Specify persons authorized to view logs.

• Logs must be reviewed on a regular basis by authorized personnel.