Home → LOGbinder for SP KB → Getting Started Guide → Installing LOGbinder for SharePoint

2.1. Installing LOGbinder for SharePoint

LOGbinder for SharePoint runs as a Windows service on a SharePoint server. It translates audit log entries in SharePoint, and outputs them to the LOGbinder SP event log, the Windows Security Log, a Syslog server or Syslog files.

For more information, please visit our web site https://www.logbinder.com/Products/LOGbinderSP/#tabs-Resources. There you will find a rich set of resources to guide you in setting audit policy, setting up audit log reporting and archiving, and so forth.

• Step 1 – Select Server and Check Software Requirements
• Step 2 – Check User Accounts and Authority
• Step 3 – Run the Installer

Subsequent sections cover:

• Configuring LOGbinder for SharePoint
• Monitoring LOGbinder for SharePoint

Step 1 – Select Server and Check Software Requirements

Select Server

If SharePoint is installed in a server farm environment, then LOGbinder for SharePoint would be installed on a single application, web front end or central admin server. Do not install LOGbinder for SharePoint on dedicated SharePoint database servers because the necessary SharePoint components are not present.

Software Requirements

• Microsoft Windows Server 2012 or later 64-bit versions
• Microsoft .NET Framework 4.8 or later
• Microsoft SharePoint (one of the following):
  • Microsoft SharePoint Server 2013 (including SharePoint Services/Foundation)
  • Microsoft SharePoint Server 2016
  • Microsoft SharePoint Server 2019 (including Subscription Edition)

Step 2 – Check User Accounts and Authority

Two user accounts are involved with LOGbinder for SharePoint.

1. Your account
   • The account you are logged on as when you install and configure LOGbinder for SharePoint.
   • Authority Required:
     • Member of the local Administrators group
       • Windows UAC sometimes interferes with this setting. It is recommended that you use the “Run as Administrator” option when running LOGbinder. You may also need to give your account as well as the service account modify permissions to the C:\ProgramData folder as described in the fourth bullet point below.
     • SharePoint farm administrator
2. Service account
   • The account that the LOGbinder for SharePoint (LOGbinder SP) service will run as. This domain account must be created before installing LOGbinder for SharePoint. This account does not need to be a local or domain administrator; the LOGbinder for SharePoint (LOGbinder SP) service can run in a least-privilege environment.
   • Authority Required: (See Appendix A: Assigning Permissions for details on granting these permissions)
     • SharePoint farm administrator
     • Member of the WSS_ADMIN_WPG group (not required for SharePoint 2010 installations, only for SharePoint 2013 and later)
     • Site collection administrator on each SharePoint site collection being monitored (LOGbinder will set this when the service is started.)
     • Privilege “log on as a service” (The installer will set this prerequisite.)
     • Permission to create, read, modify files in C:\ProgramData\LOGbinder SP (The installer will set this prerequisite.)
       • Please note that the ProgramData folder is a hidden folder, and it is not the same as the Program Files folder.
       • This LOGbinder SP folder will be created after LOGbinder is installed and the LOGbinder control panel is first started.
   • Note: LOGbinder for SharePoint uses the standard SharePoint API to access audit information. (See article LOGbinder SP use of SQL Privileges.) However, in some rare occasions, SharePoint requires more authority than is normally necessary. In these unusual cases, the user account as well as the service account needs additional privileges to the SharePoint databases. For further details on why, what, and how, see the article on Workaround if LOGbinder SP is having SQL database issues.

If outputting to Windows Security log

• Privilege "Generate Security Audit" (SeAuditPrivilege)
• Setting audit policy
  • Windows 2003:
    • Enable “Audit object access”
  • Windows 2008 or later:
    • Enable “Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings” security option
    • Enable “Audit Application Generated” audit subcategory

Step 3 – Run the Installer

Download and run the installation package:

• For SharePoint 2013 and above, run the 2013 installer.
• For SharePoint 2010, run the 2010 installer.

On the page "Specify User Account," enter the username, domain and password of the service account (the user account that will run the LOGbinder for SharePoint (LOGbinder SP) service). The rights outlined above must be granted to the account before running the installer, or else LOGbinder for SharePoint will not install properly.

On the page "Select Installation Folder," it is recommended that you use the default setting, “C:\Program Files\LOGbndSP”.

If a dialog box "Set Service Login" appears, then the user account information entered previously was not valid. Confirm the account name and password, and re-enter the information.

Transferring settings to a new server

If LOGbinder was running in your environment before, but it now has to be installed on a different server, the following steps can be followed to transfer the settings to the new server. (Please note that LOGbinder is not recommended to be run on two servers at the same time in the same environment.) This not only saves setup time and reduces setup problems, but this will ensure audit log collection to be continued where LOGbinder left off so as to preserve a complete audit trail:

1. Make sure that on both the source (where LOGbinder was run before) and target (the new LOGbinder server) servers, the LOGbinder service is not running and the LOGbinder control panel is not open.
2. Go to the C:\ProgramData\LOGbinder SP folder on the source server.
• Please note that the ProgramData folder is a hidden folder, and it is not the same as the Program Files folder.
3. Copy all *.stg and *.xml files to the same folder on the target server.