Unable To Access Uls Logs In Sharepoint Online: Options And Workarounds

ByThe SharePoint FAQs Team

Diagnosing the Core Issue

Universal Logging System (ULS) logs record detailed diagnostic trace information about operations within SharePoint Online. These logs provide critical troubleshooting data for administrators investigating issues in the SharePoint platform. However, Microsoft restricts direct access to ULS logs in SharePoint Online due to security and privacy reasons. This forces administrators to seek alternative methods for obtaining SharePoint Online ULS logs.

Microsoft only grants short-term elevation of privileges to access ULS logs for limited troubleshooting purposes. Platform operations, security fixes, compliance rules, and privacy regulations enacted by Microsoft strictly govern ULS log access in SharePoint Online. This access limitation aims to protect customer data but severely hinders troubleshooting capabilities for administrators.

Workarounds to Obtain ULS Logs

Unable to directly access SharePoint Online ULS logs, administrators can utilize several workaround methods to obtain logs for troubleshooting purposes:

  • Export SharePoint Online audit logs and convert them to ULS format using PowerShell scripts
  • Use third-party services designed to collect and analyze SharePoint Online logs
  • Configure diagnostic settings and Azure Monitor to aggregate platform logs for usage analysis

Each approach has advantages and disadvantages regarding complexity, cost, compliance, data insights, and custom reporting. Carefully evaluate the tradeoffs to determine the best ULS log access workaround for your SharePoint Online environment.

Using PowerShell to Export Audit Logs

SharePoint Online audit logs record user and administrator actions across sites. While not as detailed as ULS logs, audit logs contain useful troubleshooting information. Accessing audit logs only requires basic administrator permissions. These logs export via PowerShell to CSV format for conversion using the ParseSPOLog PowerShell script.

Here is example PowerShell code to export SharePoint Online audit logs to CSV:

#Binding to SPO Service
Connect-SPOService -Url https://contoso-admin.sharepoint.com

#Export Audit Log results 
Search-UnifiedAuditLog -StartDate '01/01/2023' -EndDate '01/31/2023' | Export-CSV -Path C:\Logs\AuditLogs.csv

The ParseSPOLog script converts the CSV to standard ULS log format. The script handles log parsing, taxonomy application, exception handling, and output file generation with custom settings configurable via input parameters:

#Download and import ParseSPOLog script
Import-Module -Name C:\Scripts\ParseSPOLog.ps1

#Convert exported audit logs to ULS format
ParseSPOLog -InputFile C:\Logs\AuditLogs.csv -OutputFile C:\Logs\ParsedULSLogs.txt -ShowExceptions

Parsing audit logs provides cost-effective, lightweight access to diagnotic data without needing elevated privileges. However, the logs contain less detailed technical information than standard ULS logs. Certain errors and issues may prove difficult or impossible to fully diagnose using only audit log data.

Log Collection with Third-Party Services

Reputable third-party logging providers specialize in aggregating SharePoint Online logs to facilitate troubleshooting without directly accessing ULS logs. These software-as-a-service solutions install agents on SharePoint farms to securely collect usage data and logs.

Examples include:

  • StealthBITS — Usage analytics and log search platform with SIEM forwarding. 30-day free trial.
  • ShareGate Log Collector — Focused log collection service. 14-day free trial version.

Third-party SharePoint log collectors carry a licensing cost and require evaluating trust levels with an external service provider. However, they excel at rapid log analysis compared to manual in-house parsing scripts. Useful features include log dashboards, custom reports, usage monitors, and real-time alerts.

Below demonstrates implementing StealthBITS Log Collector in a SharePoint Online environment:

  1. Obtain StealthBITS license with log analysis and SharePoint Online permissions
  2. Install lightweight Log Stream agent on SharePoint farm servers
  3. Agent aggregates usage telemetry, IIS logs, system logs etc.
  4. Secure HTTPS transmission sends aggregated data to StealthBITS cloud
  5. Log analysis UI available showing data visualizations, dashboards, and reports
  6. Powerful log search enables rapid troubleshooting of SharePoint platform issues
  7. Alerts trigger on defined log search queries indicative of problems

Enabling Diagnostic Logging in Azure Monitor

Azure Monitor provides centralized monitoring and analytics for cloud resources and on-premises environments. Enabling diagnostic settings for the SharePoint Online service plan in Azure Monitor allows aggregated collection of platform logs and metrics.

Administrators can activate enhanced diagnostics and logging within Azure Monitor via:

  • Platform Logs – Tenant analytics, audit records, sign-in logs.
  • Service Logs – Workplace Analytics, SharePoint insights.
  • Custom Logs – ULS logs redirected to Azure log storage.

The Log Analytics query language facilitates deep analysis of aggregated SharePoint Online logs in Azure Monitor. Examples of possible diagnostic queries:

 
// Show authentication errors last 7 days
AzureActivity | where OperationName contains "authentication" and ActivityStatus == "Failed" | where TimeGenerated > ago(7d)

// Count file operations by user 
AzureDiagnostics | where Category == "FileOperations" | summarize count() by user, file

Power BI integrates tightly with Azure Monitor allowing administrators to build custom visualizations and dashboards for log analytics. Alert rules can trigger from critical log queries indicating SharePoint Online issues.

Troubleshooting Common “Access Denied” Errors

Attempts to directly access SharePoint Online ULS logs typically result in vague “access denied” errors even for administrators. Troubleshooting tips include:

  • Confirm account has minimum SharePoint Online Administrator permissions
  • Request temporary Global Administrator privileges if needed for log access
  • Enable custom script execution on tenant via PowerShell Set-ExecutionPolicy command
  • Double check license agreements regarding third-party software and services
  • Open Microsoft support case if issues persist to request further log access

Working around ULS log limitations in SharePoint Online requires patience and careful planning. Aim to maximize diagnostic information gathered from available log sources while minimizing complexity and cost.

Leave a Reply

Your email address will not be published. Required fields are marked *