1 of 100

Sitecore PowerShell Extensions

Introduction

About the Module

The (SPE) module is a Sitecore development accelerator that can drastically increase your productivity and curtail the amount of time it takes to deliver a Sitecore solution.

The module provides a command line (CLI) and a scripting environment (ISE) for automating tasks. SPE works with the Sitecore process, capable of making native calls to the Sitecore API and manipulating files. Running commands and writing scripts follow the standard and well-known Windows PowerShell syntax. Windows PowerShell is a common tool used in IT for desktop and server management, so we decided to stick with that as a framework to build upon.

Disclaimer

Since every environment is different, all code should not be run in a production environment without your team or organization thoroughly testing first. We recommend the use of a test lab environment often referred to as a development/staging instance of Sitecore.

The disclaimer is provided because someone somewhere will inevitably not follow this recommendation and if they do hose their Sitecore environment, they have no one to blame but themselves.

All data and information provided in this book are for informational purposes only. Adam Najmanowicz, Michael West, and the SPE Team make no representations as to accuracy, completeness, currentness, suitability, or validity of any information in this book and will not be liable for any errors, omissions, or delays in this information or any losses, injuries, or damages arising from its display or use. All information found in this book is provided "as is" with no express or implied warranties.

Installation

Review prerequisites and details on how to get setup with SPE.

Prerequisites

Take a quick look at the to see which version of SPE you should be installing that is compatible with your Sitecore environment. Generally SPE has pretty good backwards compatibility but may require a new version to support the latest Sitecore CMS release.

Windows Management Framework 5.1 (PowerShell) is generally available for most Windows environments.

Training

Comprehensive guide to learning SPE from beginner to advanced.

The world renowned Sitecore PowerShell Extensions module has so much to offer, but sometimes those new to the module may find it difficult to know where to start. This training guide provides you with everything you need to use and be productive with SPE.

Don't worry, you will be able to use it without having to write any code.

Learning Path

This guide provides a progressive roadmap from beginner to advanced SPE user. Follow this path to build your skills systematically:

Interfaces

SPE includes several built-in interfaces for managing and executing scripts, as well as provides tools for modifying content.

Here we'll discuss the Console, ISE, and other dialogs made available through SPE.

Console

The Console is a command line interface (CLI) designed for efficiency, providing a streamlined tool for working with Windows PowerShell and Sitecore.

The default security configuration for SPE requires the Console to be in an before allowing the execution of commands. The following figure shows the Console when the User Account Controls (UAC) are disabled. While this is a common configuration for developers, we highly encourage you to ensure UAC is enabled in higher environments.

Shortcuts

Below are the shortcuts available in the console.

Interface Configuration

Colors

The Console, ISE, and Result dialog all provide a way a way to view output data. The $host variable provides access to configuring the colors for this output data.

Example: The following configures colors for the background and forground text in multiple streams.

Help

There are multiple methods of accessing help documentation in SPE to provide you with information on the commands available to you.

Viewing all available commands

A report is available which will show you all available SPE commands:

When executed, this report provides a paged view of the SPE commands.

Viewing command help

Console

To display the available help for a command in the Console, simply use the Get-Help command:

For full documentation, including examples, use the -Full parameter:

ISE

Through the Integrated Scripting Environment (ISE), SPE provides a method of acccessing help for available commands. To view the help for a command, simply highlight the command and press Ctrl + Enter.

After doing this, a dialog will appear with the relevant help information:

Documenting functions

When writing scripts, you are able to include formatted comments that will be used to provide help text for functions. If formatted correctly, this help text will be available through the methods described above.

Example: A simple function with documentation:

Once the script containing this function has been invoked, the help text will be available:

For further information on comment-based help, refer to the .

Online appendix

Online help is additionaly available for all SPE commands in this documentation, with detailed explanations of commands and their parameters, along with useful examples. These can be found in the .

Item Languages

The section on working with items provided a variety of examples in retrieving items based on their language. In this section will show how to manage items and their languages.

Add Language Version

Example: The following example queries all of the content items and adds a new language version of "en-ca", while overwriting any that exist.

Example: The following example adds a language version from English to US and Polish while leaving the Title field blank. If a version already exists nothing happens.

Example: The following example adds a language version from English to Polish of Template Name Sample Item. If the version exists a new version is created for that language. Finally the results are displayed as a table showing only the Name, Language, and Version.

Example: The following example adds a language version in Polish to the Home item and all its children. If the version exists nothing happens. No fields were harmed in the making of this version.

Remove Language Version

Example: The following example queries all of the content items and removes the language version of "fr-CA".

New Item with Forced Language Version

Example: The following example creates a new item with language versions only matching the specified languages; all other language version are removed.

Parameters and Configuration

Supported parameters:

-Recurse Translates item and its children
-IfExist Accepts one of 3 pretty self explanatory actions: Skip, Append or OverwriteLatest

On top of the ignored fields in the -IgnoredFields the following fields are ignored as configured within the Spe.config file:

References

Item Renderings

In this section we'll show how to manage item renderings.

List renderings

Example: The following demonstrates the use of Get-LayoutDevice and Get-Rendering to find all renderings on a page associated with the FinalLayout.

Modules

Sitecore PowerShell Extensions provides an organization structure composed of modules, libraries, and scripts. Modules make up the highest level and can be grouped together by module folders.

Some benefits to using modules:

The contained within each module can be enabled or disabled globally. For this to take full affect the integration should be rebuilt in the ISE.
Organization of custom scripts is a cinch.

Integration Points

The SPE Modules support a wide variety of predefined script libraries to help with exposing scripts to the Sitecore interface.

The following list outlines the available libraries for Integration Points that may be added to modules. These may also be generated automatically when creating or updating modules.

Be certain to enable the module when you need to use it.

Control Panel

Administration

Note: Examples included in the following modules

System Maintenance

Analytics

Database

Globalization

Preferences

Reports

Note: Examples included in the following modules

System Maintenance

Security

Data Sources

Scripted Data Sources provide a way to use a PowerShell script to perform complex queries.

Here are some good reasons to use this feature:

Delivering complex functionality based on multiple criteria.
Your field may need to provide different set of items to choose from based on:
- user name or role (in simplest case this can be done using right management, but maybe not always possible in a more elaborate scenario)
- current day or month?
- In a multisite/multimarket scenario you may want to show different items for each site
  based on engagement analytics parameters of the page
  based on where in the tree an item exist (some of it can be done with use of a “query:”)
- anything you might want to build the code data source for…

Something that would be beyond the reach of a regular Sitecore query and potentially something that you would really need to deliver code source for. But maybe you’re not in a position to deploy that on your environment?

Field Data Source

Field Data Source provides a great opportunity for a script.

Below are field types you may wish to use a script:

Checklist
Droplist
Grouped Droplink
Grouped Droplist

Rendering Data Source Roots

//TODO

Rendering Data Source Items

//TODO

References

PowerShell Scripted Data Sources and
Sitecore Spark on using scripted datasources

Event Handlers

The Event Handler integration provides a way to execute scripts when defined events are fired.

Steps required to activate this integration include the following:

Enable the Spe.Events.config or apply your own patch with the required events enabled.
Add a new integration point library to your new or existing module.
Add a new script to the appropriate event library.
Configure an Enable Rule if needed.
Profit!

Enable Configuration

While SPE comes with an example configuration, which is disabled by default, it contains several events that may not meet your requirements.

An event configuration patch may look like the following:

Add Event Script

To mimic the event item:added you should create nested script libraries such as Event Handlers -> Item -> Added followed by a script.

Functions

The Functions integration allows for scripts to be discoverable through autocomplete while authoring scripts. Functions can be "disabled" by disabling the containing module.

Begin by adding a script library called "Functions" to a module. This can be created by the new module wizard.
Add a script to the "Functions" script library with a name that represents the purpose.
Use the command Import-Function

ISE Plugins

Custom ribbon commands for use in the ISE.

You can include custom ribbon commands in the ISE to aid in improving the script authoring experience.

Add a custom plugin

For this example, we wish to have a plugin that analyzes the script and reports on any errors.

Create a new script stored under the following structure:

Page Editor

Notification

The Notification integration reveals to the user a notification above the content. The Sitecore rules engine may be used to control the enabled state; simply configure the Enable rule on the script. The script is executed every time the page loads.

Example: The following adds an information notification to the page for Sitecore 8 and a warning for Sitecore 7.

$title = "Thank you for using SPE!"
$text = "Today is $([datetime]::Now.ToLongDateString())"
$icon = @{$true="Office/32x32/information.png";$false="Applications/16x16/warning.png"}[$SitecoreVersion.Major -gt 7]

$notification = New-Object -TypeName Sitecore.Pipelines.GetPageEditorNotifications.PageEditorNotification -ArgumentList $text, "Info"

$notification.Icon = $icon
$pipelineArgs.Notifications.Add($notification)

Note: Examples included in the following modules

License Expiration

Experience Button

The Experience Button integration adds a button to the Page Editor. Rules can be used to control visiblity and enablement. The script is only executed when the button is clicked.

Begin by adding a new script to the Experience Button library. The name of the script will appear in the tooltip.
Edit the script to perform the appropriate actions. The script can run in the background and show dialogs.
Change the icon of the item to match the script purpose.
Configure any Enable

Example: The following adds a command which will display a dialog asking a question, then send an email with the response.

Pipelines

Use the following in your scripts to get access to the arguments passed to the processor.

 $pipelineArgs = Get-Variable -Name pipelineArgs -ValueOnly

Configure any Enable rules to ensure your script only runs when necessary.

Logging In

Note: Examples included in the following modules

Enforce user password expiration

Logged In

Note: Examples included in the following modules

Automatically show quick info section

Logout

Note: Examples included in the following modules

Unlock user items on logout

Tasks

The task scheduler is a great way to run scripts in a periodic fashion. You may find the need to automatically archive log files into a compressed file. Perhaps send an email with a generated report based on stale site content.

Video Tutorial

Click for a demo

Scheduled Task Command

To help make the setup simple, we've provided a Task Command.

The command shown above is simply a type exposed as a public method in the Spe assembly. There exists an update method which accepts one or more items and executes the associated script.

Beneath Schedules you can create as many tasks as Sitecore will allow. Configure the Command and Items fields like that shown below.

The Items field contains the path to a script in the Script Library.

Below are some of the scripts found out-of-the-box with SPE.

Module

Script

Create and Manage Tasks

We've added a context menu item to provide you with a shortcut to the Task Scheduler Editor.

Create a new scheduled task:

Run or edit the scheduled task:

The scheduled task is capable of running 1-to-many scripts. Choose all that apply for the selected task. Each script runs within a shared session, making it possible to share results between scripts.

Note: Make use of the Enable Rule to take advantage of the rules engine.

The task schedule has an intuitive dialog for working with and changing the frequency.

Note: Examples included are in the following modules

License Expiration
Media Library Maintenance
System Maintenance

See how Adam added .

Authoring Tasks

The Sitecore task scheduler is capable of running PowerShell scripts when using the task command PowerShellScriptCommand. The Task Management module includes a few shortcuts to managing tasks.

The module provides the ability to create, edit, and run scheduled tasks.

References

Toolbox

The PowerShell Toolbox is quick way to access frequently used scripts.

Navigate to Sitecore -> PowerShell Toolbox and after selecting you should see the configured scripts:

Note: Examples included in the following modules

Authorable Reports
Logged in Session Manager

Web API

The Web API integration point exposes scripts through a url. This can be especially helpful when a script needs to be executed on the server but without knowledge of the script contents.

The url will look something like the following: https://remotesitecore/-/script/v2/master/homeanddescendants?user=sitecore\admin&password=b

Here's the url broken down:

API Version - Specifies which service is being requested.
- v2 - This is the service that executes scripts stored in the integration point library.
Database - Specifies which database contains the script.
- master - This database requires the credentials to be provided.
Script - Specifies the name of the script contained in the database. The SPE module containing the script needs to be enabled otherwise you'll receive a 404 error.
- homeanddescendants - Replace this name with whatever your script is called in the Web API library.
Query String Parameters (deprecated) - Specifies the additional bits of data for use by the web service.
- user and password - Authenticates the request and in most cases will be needed. If the script is published to the web database the credentials are not required. You should use the Basic header instead of the query string.
- All of the query string parameters added to the variable scriptArguments

Headers:

Use the Basic header to provide authentication information. Here is an example of how to build that for a script.

Note: Examples included in the following modules

Getting Started

Security

The integration point is disabled by default and can be enabled through configuration as described . See Restfulv2. Be sure to enable the SPE script module in the content tree.

References

Watch Adam present this and much more on Sitecore! Experienced .

Workflows

The Workflows integration allows for scripts to run like workflow commands. Rules can be used to control visiblity and enablement. The script is only executed when the command is triggered.

Begin by adding a new item to a workflow command of template type /Modules/PowerShell Console/PowerShell Script Workflow Action. We've added an insert option to help with this.
Edit the Type string field to your custom type or to the built in type Spe.Integrations.Workflows.ScriptAction, Spe.

Packaging

Ever wanted to package up items and files without opening the Sitecore Package Designer each time? There are a number of commands available for generating packages.

Package Creation

Example: The following example demonstrates how to generate a package.

$package = New-Package "Package-of-Stuff"
$package.Sources.Clear()

$package.Metadata.Author = "Michael West"
$package.Metadata.Publisher = "Team Awesome"
$package.Metadata.Version = "1.0"
$package.Metadata.Readme = @"
Set of instructions for the user.
"@

# Items using New-ItemSource and New-ExplicitItemSource
$source = Get-Item -Path "master:\templates\Feature\Forms" | 
    New-ItemSource -Name 'Feature Forms Items' -InstallMode Overwrite
$package.Sources.Add($source)

# Files using New-FileSource and New-ExplicitFileSource
$source = Get-Item -Path "$AppPath\App_Config\Include\Feature\Forms\Company.Feature.Forms.config" | 
    New-ExplicitFileSource -Name "Feature Forms Files"
$package.Sources.Add($source)

Export-Package -Project $package -Path "$($package.Name)-$($package.Metadata.Version).xml"
Export-Package -Project $package -Path "$($package.Name)-$($package.Metadata.Version).zip" -Zip
Download-File "$SitecorePackageFolder\$($package.Name)-$($package.Metadata.Version).zip"

Post Step

Example: The following adds a Post Step and custom attributes.

Example: The following adds a Post Step included with SPE to delete a file. The SPE Post Step code reads xml data stored in the comment section of the package.

Example: The following adds a Post Step Script included with SPE to change icons. The SPE Post Step code executes a script included with the package as stored in the attributes section.

Releases

Thank you for taking the time to check out the latest and greatest changes for SPE. Send a tweet sharing how much you love the module on Twitter.

The following links provide a way to report issues and get the latest release.

See the for a compatibility matrix.

Troubleshooting

General

We generally see issues occurring due to an incompatible version of Windows PowerShell. Be sure to install Windows PowerShell version 3 or newer.

Installation

Elevated Session Hanging

There is an additional configuration file added to support Identity Server. If you are installing Sitecore 9.1 or later you will want to enable the configuration file Spe.IdentityServer.config.

You can see the Sitecore Stack Exchange answer describing the contents of the configuration.

Hanging Installation Wizard

Some users have reported an where the package installation in Sitecore hangs while installing SPE. One possible fix is to disable the Sitecore Analytics feature; this of course assumes you do not plan on using it for your instance.

Article: Martin Miles encountered the issue and proposed a fix .

Hack: Run this script on Sitecore 8.0.

Exception Messages

ISE throws exception when /sitecore/content/home is missing

- Missing Home item (fixed in 3.2)

Modules

Integration Point is not working

Be sure the module is enabled and the integrations are rebuilt from within the ISE. The following are some of the integration issues you may experience:

Content Editor Gutter - Entries not listed.
Content Editor Ribbon - Buttons not visible or working.
Control Panel - Entries not listed.
Functions - Import-Function name parameter not populating with functions or can't be found after running the command.

Remoting

404 error in browser console can be caused by missing SPE files, a custom pipeline, or perhaps a rewrite rule.
"The request failed with an empty response." could be caused when TLS is offloaded to a load balancer and traffic to the endpoint is no longer over HTTPS. Fixed by issue #.
"The underlying connection was closed: An unexpected error occurred on a send." could be caused in Azure PaaS when requests are made using TLS 1.1 or lower. Setting the SecurityProtocol may help. Thanks to Jayesh Sheth for pointing to a resolution.

Item Links

Examples for managing item referrers maintained by the Link Database.

Relink Item

Example: The following changes the image linked on an item to a new image. Originally posted .

Field Types

Examples for managing complex field types such as MultilistField and NameValueListField.

Edit MultilistField

Example: The following demonstrates how to set a field to a known list of Ids. The Id is already converted to a GUID string.

Example: The following replaces an instance of an Id with an alternate Id. The Id is already converted to a GUID string.

Example: The following adds new Ids to an existing list. Makes use of the Sitecore.Text.ListString class.

Manage Templates

Examples for managing item templates.

Manage Templates

Change Template

Common

Close-Window

Closes the runner job window after the script completes.

Syntax

Close-Window

ConvertFrom-CliXml

Imports a CliXml string with data that represents Microsoft .NET objects and creates the objects within PowerShell.

Syntax

ConvertFrom-CliXml [-InputObject] <String>

ConvertTo-CliXml

Exports Microsoft .NET objects froms PowerShell to a CliXml string.

Syntax

ConvertTo-CliXml [-InputObject] <PSObject>

Detailed Description

The ConvertTo-CliXml command exports Microsoft .NET Framework objects from PowerShell to a CliXml string.

Parameters

-InputObject <PSObject>

Specifies the object to be converted. Enter a variable that contains the objects, or type a command or expression that gets the objects. You can also pipe objects to ConvertTo-CliXml.

Aliases

Inputs

The input type is the type of the objects that you can pipe to the cmdlet.

object

Outputs

The output type is the type of the objects that the cmdlet emits.

System.String

Notes

Help Author: Adam Najmanowicz, Michael West

Examples

EXAMPLE

ConvertFrom-Xml
ConvertTo-Xml

Get-Archive

Returns Sitecore database archives.

Syntax

Get-Archive [[-Database] <Database>] [[-Name] <String>]

Get-UserAgent

Returns the current user's browser user agent.

Syntax

Detailed Description

Authoring Reports

Building reports is a straightforward task. We've provided a variety of examples for you to model when designing your own.

Dynamic Reports

The Authorable Reports module includes reports such as Index Viewer and Rules based report that provide input dialogs to help make the reports dynamic.

Note: The Index Viewer and Rules Based Report are bundled as separate a package on the Sitecore Marketplace.

Index Viewer

The Index Viewer report provides a great example at how to build a generic report that queries against the Sitecore index. By navigating to Sitecore -> Toolbox -> Index Viewer you can conveniently launch the report.

First you will be prompted with a dialog to select the index to search.

Next you will be prompted with a variety of buttons and knobs to narrow down the search results.

Finally the report is shown. Each row has an option to show more field results.

The Show Full Info link will then returns the additional fields not shown in the report.

The Authorable Reports module has a few points of interest.

The script library Internal/List View/Ribbon/SearchResultItem instructs the report to show the action scripts when the row contains an entry with the typename SearchResultItem.
The script library Toolbox/Index Viewer represents the shortcut.

Examples:

Static Reports

The Content Reports module includes other reports used for auditing. Below are some examples on how to create your own. You can control the report menu with the Enable and Show rules. This can be helpful if you want to secure specific reports with security roles.

The rules engine can be used the control the report export and action commands. Use the Enable and Show rules to make the necessary changes.

Examples:

Report Actions

Content extracted from article written by Adam.

Actions are simply commands powered by scripts and with visibility dependent on certain conditions like the .Net class of the object that is displayed or perhaps other session settings.

You define an action as a script located in an SPE script library and appears in the Actions panel. In the simplest scenario the action would appear when the script library name matches the .Net class name of the items displayed. In the above scenario the actions are placed under /Platform/Internal/List View/Ribbon/Item/ where Platform is the module and Item is a script library. Let's take a look at the script here /Platform/Internal/List View/Ribbon/Item/Open

The variable $selectedData is provided to the script automatically by SPE in context of the content of the results on Show-ListView.

What input is passed to an action script?

When your action script is executed the environment is initialized with a number of variables at your disposal as seen below:

$selectedData – the selected objects in the list view (the same will be passed to the $resultSet variable for compatibility with older scripts)
$allData – all objects passed to the list view using the -Data parameter.
$filteredData

Consequently you get the full state of the report the user sees in the UI and you can act upon it.

How the report determines if your action is visible?

You can have multiple actions defined with dynamic visibility. The actions are generally only relevant in the context of your report. This is done on two levels. The first level happens based on the location of the script and .Net object type you are displaying in the report. The second level is based on Sitecore rules. For the action to appear all of the following conditions must be met:

All scripts visible in the report should be located in an enabled module.
The action script should be within the path /Internal/List View/Ribbon/[Object type]. The [Object type] is the name of the .Net class for which the action is valid. For example, if you want your action to be visible for Sitecore.Data.Items.Item then save the script at the path /Internal/List View/Ribbon/Item.

Using rules to control action visibility

Rules add the full power of the Sitecore rules engine – similarly to what you can do on context menu items or ribbon actions in Content Editor. Some examples where this can be useful include only enabling or disabling the action for items located under a specific branch of the tree or if a exists.

The following screenshot shows how to create an action that only appears in reports that list objects of type Item that are of template Schedule.

For specific reports this global state might not always be enough. You can narrow down the rules further by using the report name. Name your report by providing an additional parameter to Show-ListView.

Consider the following script:

The output of the report will be like any other unnamed report but adds support for additional rules. Let's say I want my action to open a new report that lists all the children of the selected items in the report "ListChildren". After running the action my script should display the new report with the children and close the "ListChildren" report. Not very useful but illustrates the point.

Now I need to save my script in the proper Script Library in my enabled module:

At this point my action will show on all reports what list Item objects. But now that my script is saved I can modify its rules to narrow it down only to Show for reports named "ListChildren". For this I can click the Runtime button in the ISE ribbon and edit the Show if rules are met or not defined field.

Now you can specify that you want the action to only appear when the report is named "ListChildren".

Confirm the save on all dialogs to persist your changes. Now our action appears when we run this script in ISE.

The action does not appear if no view name is provided to the -ViewName parameter. Running the script below will produce a report with the action not shown:

Updating report in place

The above action works just fine but will close the previous report and open a new report window in the Sitecore desktop. That's not a great user experience. What if you want to update the content of the report in place using the action? That's possible using the Update-ListView command. Consider the following script:

In this case we're not closing the existing report but rather updating the list in place, all you need to do is send the new data to the Update-ListView command.

Showing user progress for long running scripts

One last thing that you might wonder is if the Write-Progress command works as it does in case of ISE or the dialog that runs scripts from Content Editor context menu. Let’s copy the following script into your action:

And you will see the following output:

Showing other PowerShell dialogs

The action runs fully asynchronously so you’re free to show any of the power of the provided commands. This means that you can ask for additional input using the Read-Variable command or Show alert using the Show-Alert command or do just about anything possible otherwise from the context menu, ribbon or other interactive integration points.

Passing additional data to actions

The Show-ListView command has one more useful parameter named -ActionData which I mentioned above but is worth mentioning again. Anything passed using this parameter will be set as the $actionData variable – this means your report and actions can pass custom data in them it can be as simple as an object or as complex as a hashtable so there is really no hard limit on what can progress from a report to report. Any object that was passed to Show-ListView using the -ActionData parameter will be available to your action.

Actions running in persistent sessions

The persistent session ID will be respected and your script will run in that persistent session if it's already in memory or create a persistent session if it's not.

Alternatively you can elect to simply freeze the session the initial script that generated report was running in and run actions in that same frozen session by using the -ActionsInSession parameter.

UI Elements

The Show-ListView command provides the Hide parameter to control visibility of the UI elements.

Add parameter -Hide with one or more of the following options:

AllExport - hides all export scripts (left-most ribbon panel)
NonSpecificExport - hides export filters that are not specific to this view as specified by -ViewName (left-most ribbon panel)
Filter - hides filter panel

Example: The following example all of the UI elements in the report.

Examples from the community!

for Sitecore product has published reports on Github that you can checkout .

Logging and Monitoring

Comprehensive logging and monitoring are essential for detecting security incidents, troubleshooting issues, and maintaining compliance. This guide covers how to configure and use SPE logging for security purposes.

Overview

SPE provides logging capabilities that record:

Script execution
User authentication and authorization
Session elevation events
Delegated access usage
Web service calls
Errors and exceptions

Security Best Practice: Enable comprehensive logging in all non-development environments to create an audit trail.

SPE Log Files

Default Log Location

SPE logs are written to:

Typically resolves to:

Log Levels

SPE supports standard log4net levels:

Level

Description

Use Case

Configuring Log Level

Edit your log4net configuration (typically in App_Config\Sitecore.config or a patch file):

Recommended Settings:

Environment

Log Level

Rationale

What Gets Logged

Script Execution

Format:

Session Elevation

Format:

Delegated Access

Format:

Includes:

Script ID
Context user (actual logged-in user)
Impersonated user (elevated account)

This is critical for audit trails showing privilege escalation.

Web Service Calls

Format:

Logged Events:

Remoting connections
File uploads/downloads
RESTful API calls
Authorization failures

Authentication Events

Format:

Logged Events:

Successful authentication
Failed authentication
Authorization denials

Errors and Exceptions

Format:

Includes:

Exception details
Stack traces
User context
Operation being performed

Monitoring Strategies

Real-Time Monitoring

Using PowerShell to Tail Logs

Monitor for Specific Events

Log Analysis

Find Failed Authentication Attempts

Track Delegated Access Usage

Find Unauthorized Access Attempts

Analyze Web Service Usage

Scheduled Log Review

Create a scheduled task to analyze logs daily:

IIS Log Integration

IIS Logs for Web Services

IIS logs provide additional context for web service access:

Location:

Useful IIS Log Fields

Field

Description

Security Value

Analyzing IIS Logs for SPE

Find SPE web service requests:

Find failed authentication (401) to SPE services:

Alerting

Simple Email Alerts

Create alerts for critical security events:

Run this script via Task Scheduler every 5 minutes.

Integration with SIEM

For enterprise environments, integrate SPE logs with your Security Information and Event Management (SIEM) system.

Common SIEM Solutions:

Splunk
ELK Stack (Elasticsearch, Logstash, Kibana)
Azure Sentinel
ArcSight

Log Retention

Regulatory Requirements

Different compliance frameworks have different retention requirements:

Framework

Typical Requirement

Note: The requirements may have changed since the publishing of this document. Please confirm with your organization and legal team as to the requirements you must meet.

Configuration

The configuration of log retention will be dependent on your solution.

Archival Strategy

The archival strategy implementation will be dependent on your solution.

Security Metrics

Key Performance Indicators (KPIs)

Track these metrics for security monitoring:

Metric

Description

Threshold

Best Practices

Security Recommendations

✅ Do:

Enable INFO level logging in production
Monitor logs daily for suspicious activity
Set up alerts for critical security events
Retain logs per compliance requirements

❌ Don't:

Disable logging in production
Ignore failed authentication attempts
Delete logs prematurely
Log sensitive data (passwords, tokens)

Monitoring Frequency

Activity

Frequency

Method

Troubleshooting

Logs not being written

Possible causes:

log4net configuration incorrect
File permissions prevent writing
Disk space full
SPE logger disabled

Solution: Check log4net config, verify permissions, ensure disk space.

Too much log data

Cause: DEBUG level in production or high activity.

Solution: Change to INFO or WARN level, implement log rotation.

Can't find specific events

Cause: Log rotation moved old logs or logs were deleted.

Solution: Check archived logs, adjust retention period.

- Includes logging validation
- Monitoring delegated access usage
- Monitoring web service security
- IIS log integration

References

- Your Sitecore implementation may require vendor-specific documentation as log4net is bundled/compiled in the Sitecore libraries.