Go Up
You are here: AdministrationAdditional ConfigurationExclude Objects from Monitoring ScopeSharePoint Online Monitoring Scope

Exclude Data from SharePoint Online Monitoring Scope

You can fine-tune Netwrix Auditor by specifying data that you want to exclude from the SharePoint Online monitoring scope.

To exclude data from SharePoint Online monitoring scope

  1. Navigate to the %ProgramData%\Netwrix Auditor\Netwrix Auditor for SharePoint Online\Configuration\ folder and locate your monitoring plan.

    NOTE: If you have several monitoring plans for monitoring SharePoint Online, configure omitlists for each monitoring plan separately.

  2. Edit the *.txt files, based on the following guidelines:

    • Each entry must be a separate line.
    • A wildcard (*) is supported, except for omiteventloglist.txt.
    • Lines that start with the # sign are treated as comments and are ignored.
File Description Syntax

omitstorelist.txt

Contains a list URLs of SharePoint Online objects to be excluded from audit data collection.

https://URL

For example:

https://Corp.sharepoint.com/*

omiteventloglist.txt

Contains a list of event IDs to be excluded from the Netwrix Auditor System Health event log.

event ID

For example:

1001

NOTE: Only add known error or warning events, otherwise you may lose important data.

omitreadstorelist.txt

Contains the SharePoint Online lists, documents, etc., to be excluded from being monitored for read access.

https://URL

For example:

https://Corp.sharepoint.com/*

*list/document.docx

omituserreadstorelist.txt

Contains a list of user accounts to be excluded from read access monitoring.

Provide user name in the UPN format.

For example:

account@example.*.com

Go Up