前言
我们在使用SharePoint Online的时候,经常有用户希望获取Audit Log。
正文
我们都知道,SharePoint Online的Audit Log都保存在管理中心,这里,我就从网上找到一段PowerShell获取,大家可以参考
Get-PSSession | Where-Object { $_.ConfigurationName -eq 'Microsoft.Exchange' } | Remove-PSSession -ErrorAction SilentlyContinue
$UserCredential = Get-Credential
# Create the session to Exchange Online
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -Uri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
# Import the Exchange Online commands
Import-PSSession $Session
$csvFile = "D:\auditlog.csv"
# Setup our start and end dates to pull back events
$end = Get-Date
$start = $end.AddDays(-90)
$i = 1;
$startTime = Get-Date
do
{
$AuditData = Search-UnifiedAuditLog -StartDate $start -EndDate $end -RecordType SharePointFileOperation -ResultSize 5000 -SessionCommand ReturnLargeSet -SessionId "ExtractLogs" -SiteIds "19739e8e-c67c-452b-bc77-9d62dd3e1b6d"
$ConvertedOutput = $AuditData | Select-Object -ExpandProperty AuditData | ConvertFrom-Json
$ConvertedOutput | SELECT CreationTime,UserId,Operation,Workload,ObjectID,SiteUrl,SourceFileName,ClientIP,UserAgent | Export-csv $csvFile -NoTypeInformation -Append -Force
Write-Host $i++ . $AuditData.Count
$i = $i + 1;
}
Until($AuditData.Count -eq 0)
$endTime = Get-Date
Write-Host $startTime - $endTime
特别的
Get-Credential是通过打开浏览器,输入账号密码的方式进行认证的,这个认证方式其实多种多样,也有后台写死用户名密码的方式,或者通过pfx秘钥的方式,大家有需要也可以去找一找相关文档。
标签:Audit,Log,Get,Exchange,SharePoint,PSSession,AuditData,Online From: https://www.cnblogs.com/jianyus/p/17222436.html