Microsoft has taken to increasing the complexity of some of their product auditing functions, starting with Exchange and SharePoint's auditing implementations in the 2010 versions. Gone are the days of simple configurations to log to the event log, here are the days of audit tables, databases, and API calls. This makes it difficult if you're someone who is moving content to SharePoint, already has content in SharePoint, or is looking to move toward SharePoint, and have audit or regulatory requirements. We've had a LOT of requests for SharePoint auditing and rather than build something, we've chosen to leave it to the experts.
Pulling SharePoint audit activity out of the cryptic database and into the Event Log
Providing object & user names in SharePoint audit events
Managing SharePoint audit policies
Use LEM with LOGbinder for:
Alerting on SharePoint change activity (new administrators, permissions changes)
Auditing SharePoint item & object access, deletion, import, and export
Reporting on SharePoint activity for compliance
Viewing SharePoint audit activity in context with operating system, network device, and other application logs
I just uploaded some rules, filters, and reports for LOGbinder over on the Content Exchange that provides everything you need to get going on the LEM side. There's an integration guide in the Zip file that will explain how to install the files, which are all tailored to the LOGbinder SP event log data. You will need an agent installed on your SharePoint+LOGbinder system, you'll need to make sure you have either LEM version 5.4 or the latest product connectors installed, then it's just a matter of following the guide to get set up and start monitoring.