This post provides information about the item level auditing and how the server side object model works.
When you create site collection the auditing is not enabled by default. Each content database has a AuditData table to store the auditing information. You can enable the auditing at the site collection level through Site Settings => Site Collection Audit Settings. You can view the Audit Logs through Site Settings –> Audit Log Reports.
When no auditing is enabled and if you try to see / generate any of the available audit reports you will end up with a screen which says “Something went wrong”.
Now let’s walk through 2 scenarios to get some understanding about the SharePoint 2013 Item level Auditing.
Scenario 1 – No Auditing
Now in a clean new environment we will check the Audit status of the SPSite, SPWeb, SPList, SPListItem.
In the example we have a site collection and it has a Document Library names “AuditDocLib” and it has one document.
When we run the above code AuditFlags of the SPSite, SPWeb, SPList and SPListItem is None.
Scenario 2 – Enabling Audit for specific ListItem
Now we’ll enable the auditing for a specific document in the AuditDocLib.
Notice that the report also has the log entries for the Library (AuditDocLib). It is obvious that if a person want to view an item in the library more often he/she has to navigate to the corresponding List/Library and view the Item. But we didn’t specify to audit the Library; in the code the AuditMask is set only for the item.
Again we’ll run the PerformAuditFeatureCheck method to check the AuditFlags
You can see that the AuditFlags for the AuditDocLib is still None. This is because AuditFlags were not set for the AuditDocLib explicitly beacuse there’s no <NewAuditMask>4</NewAuditMask> event against the AuditDocLib.
This also hints us a point that just by retrieving the AuditFlags of a List / Library through the object model doesn’t give you the full insight of whether the particular List / Library is being audited. AuditFlags property gives the value of the last explicitly set AuditMask.