This post was originally published here

Starting with BizTalk Server 2020 and newer, administrators can configure BizTalk Server to generate an audit trail for management operation on application artifacts, such as to send ports, receive ports, receive locations, orchestrations, and resources. Auditing of suspend/resume/terminate operations on service instances is also possible.

This feature may not be perfect yet, and it has space to grow in the future, but it is a good start, and I hope the BizTalk product team will improve these capabilities in the future.

How to configure the Audit Logs?

The auditing feature isn’t enabled by default. To enable auditing you need to:

  • Open BizTalk Server Administration console, right-click the BizTalk Group, and select Settings
  • On the Group panel, under the Tracking and Reporting section:
    • Enable the Audit management operations option.
    • And set a Maximum number of audit entries property according to your needs. By default, BizTalk stores 10000 most recent entries.
  • Select OK to save your changes.

Now every time you make the following operations:

  • On Ports (Receive or Send): Create, Update and Delete
  • On Service Instances: Suspend, Resume and Terminate
  • On Application resource: Add, Update and Remove
  • On Bindings: Import bindings files

One or more audit entries are logged. All these correlation entries have the same BatchId. The audit log has the following information:

Property Description
ID Id of type Guid, unique per entry. Example: 3bf539a3-4b59-4148-b589-d22c83f32d25
BatchId Same for all audited operations performed in a single SQL transaction. Insightful in correlating user operations with lower level details Example: a4ffa64b-8064-4e54-9d99-2e7d60797100
UserPrincipal User who performed the operation. Example: BTS2020LAB01Administrator
Machine Machine name from which operation was performed. Example: BTS2020LAB01
ArtifactId Unique id of the artifact. Example: 1
ParentArtifactId If an artifact is child of another artifact, then this field will have artifact id of the parent. Example: 1
ArtifactType Type of artifact on which operation was performed. Example: SendPort, ReceiveLocation, etc.
ArtifactName User configured name of the artifact. Example: BatchControlMessageRecvLoc
OperationName Action performed on the artifact. Example: Ports: Create/Update/DeleteService Instances: Suspend/Resume/TerminateApplication resources: Add/Update/RemoveBinding file: Import
Payload Contains information about what is changed in JSON structure. Example: {  “Disabled”: 0 }  
CreatedDate Timestamp when the operation was performed Example: 2020-11-27T09:21:48.55Z

How to view the audit logs?

The easier way to access the BizTalk Server Audit logs is to access the Audit Logs REST service using your browser by using the following URL:

  • GET http://localhost/BizTalkOperationalDataService/AuditLogs

This will provide a JSON response containing all the latest logs. 

For a better user experience, you could use a tool like postman to interact with this service:

You can also define a date range to retrieve the desire logs. For that you should use the following query parameters:

  • fromDate: beginning date, for example, 2020-12-01T01:00:00
  • toDate: end date, for example, 2020-12-03T01:00:00

GET request example:

  • GET http://localhost/BizTalkOperationalDataService/AuditLogs?fromDate=2020-12-01T01:00:00&toDate=2020-12-03T01:00:00

Supported date formats are: yyyy-MM-dd or yyyy-MM-ddThh:mm:ss.

The post What’s new in BizTalk Server 2020: Audit Logs appeared first on SANDRO PEREIRA BIZTALK BLOG.