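SharePoint Online: Retrieving the Audit Log

  Preface

  When working with SharePoint Online, users often ask for the audit log.

  Main text

  As we all know, the SharePoint Online audit logs are stored in the admin center. Here is a PowerShell script I found online for retrieving them, for your reference.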

Get-PSSession | Where-Object { $_.ConfigurationName -eq 'Microsoft.Exchange' } | Remove-PSSession -ErrorAction SilentlyContinue
$UserCredential = Get-Credential

# Create the session to Exchange Online
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -Uri https://outlook.office365.com/powershell-liveid/  -Credential $UserCredential -Authentication Basic -AllowRedirection

# Import the Exchange Online commands
Import-PSSession $Session
$csvFile = "D:\auditlog.csv"

# Setup our start and end dates to pull back events
$end = Get-Date
$start = $end.AddDays(-90)
$i = 1;
$startTime = Get-Date

do
{
    $AuditData = Search-UnifiedAuditLog -StartDate $start -EndDate $end -RecordType SharePointFileOperation -ResultSize 5000 -SessionCommand ReturnLargeSet -SessionId "ExtractLogs" -SiteIds "19739e8e-c67c-452b-bc77-9d62dd3e1b6d"
    $ConvertedOutput = $AuditData | Select-Object -ExpandProperty AuditData | ConvertFrom-Json
    $ConvertedOutput | SELECT CreationTime,UserId,Operation,Workload,ObjectID,SiteUrl,SourceFileName,ClientIP,UserAgent | Export-csv $csvFile -NoTypeInformation -Append -Force 
    # Print the batch number and the number of records returned in this batch
    Write-Host "$i. $($AuditData.Count)"
    $i = $i + 1
}
Until($AuditData.Count -eq 0)

$endTime = Get-Date
Write-Host $startTime - $endTime

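  Special note

  Get-Credential authenticates by opening a browser and entering the account and password. There are actually many ways to authenticate: the username and password can be hard-coded in a background script, or a pfx key can be used. If you need these, you can look up the relevant documentation.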
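
  The script above pulls all 90 days through a single "ExtractLogs" session, and one ReturnLargeSet session returns at most 50,000 records. The following added example (not part of the original script) splits the range into time slices, gives each slice its own session, and warns when a slice reaches the cap. It assumes the ExchangeOnlineManagement module with Connect-ExchangeOnline (modern authentication); the account name and the 24-hour slice size are placeholders.

```powershell
# Added example. Assumes the ExchangeOnlineManagement module is installed.
# $upn and the 24-hour slice size are placeholders chosen for illustration.
Import-Module ExchangeOnlineManagement
$upn     = 'auditor@contoso.onmicrosoft.com'        # placeholder account
$csvFile = 'D:\auditlog.csv'
$siteId  = '19739e8e-c67c-452b-bc77-9d62dd3e1b6d'   # site ID from the script above
Connect-ExchangeOnline -UserPrincipalName $upn -ShowBanner:$false

$end        = Get-Date
$sliceStart = $end.AddDays(-90)
$sliceSize  = New-TimeSpan -Hours 24

while ($sliceStart -lt $end) {
    $sliceEnd = $sliceStart + $sliceSize
    if ($sliceEnd -gt $end) { $sliceEnd = $end }

    # A fresh SessionId per slice: ReturnLargeSet pages through one session,
    # and a single session returns at most 50,000 records.
    $sessionId = "ExtractLogs-$($sliceStart.ToString('yyyyMMddHHmm'))"
    $total = 0
    do {
        # @() makes an empty result an empty array, so .Count is always valid
        $page = @(Search-UnifiedAuditLog -StartDate $sliceStart -EndDate $sliceEnd `
            -RecordType SharePointFileOperation -SiteIds $siteId `
            -ResultSize 5000 -SessionCommand ReturnLargeSet -SessionId $sessionId)
        if ($page.Count -gt 0) {
            $page | ForEach-Object { $_.AuditData | ConvertFrom-Json } |
                Select-Object CreationTime, UserId, Operation, Workload, ObjectId,
                              SiteUrl, SourceFileName, ClientIP, UserAgent |
                Export-Csv $csvFile -NoTypeInformation -Append
            $total += $page.Count
        }
    } until ($page.Count -eq 0)

    # Reaching the cap means records in this slice may be missing from the export
    if ($total -ge 50000) {
        Write-Warning "Slice $sliceStart .. $sliceEnd reached the 50,000-record session cap; rerun it with a smaller slice."
    }
    Write-Host ("{0:s} .. {1:s}: {2} records" -f $sliceStart, $sliceEnd, $total)
    $sliceStart = $sliceEnd
}
Disconnect-ExchangeOnline -Confirm:$false
```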

posted @ 2023-03-16 22:47  霖雨