Starting with BizTalk Server 2020 and newer, administrators can configure BizTalk Server to generate an audit trail for management operation on application artifacts, such as to send ports, receive ports, receive locations, orchestrations, and resources. Auditing of suspend/resume/terminate operations on service instances is also possible.
This feature may not be perfect yet, and it has space to grow in the future, but it is a good start, and I hope the BizTalk product team will improve these capabilities in the future.
How to configure the Audit Logs?
The auditing feature isn’t enabled by default. To enable auditing you need to:
- Open BizTalk Server Administration console, right-click the BizTalk Group, and select Settings
- On the Group panel, under the Tracking and Reporting section:
- Enable the Audit management operations option.
- And set a Maximum number of audit entries property according to your needs. By default, BizTalk stores 10000 most recent entries.
- Select OK to save your changes.
Now every time you make the following operations:
- On Ports (Receive or Send): Create, Update and Delete
- On Service Instances: Suspend, Resume and Terminate
- On Application resource: Add, Update and Remove
- On Bindings: Import bindings files
One or more audit entries are logged. All these correlation entries have the same BatchId. The audit log has the following information:
| Property | Description |
| ID | Id of type Guid, unique per entry. Example: 3bf539a3-4b59-4148-b589-d22c83f32d25 |
| BatchId | Same for all audited operations performed in a single SQL transaction. Insightful in correlating user operations with lower level details Example: a4ffa64b-8064-4e54-9d99-2e7d60797100 |
| UserPrincipal | User who performed the operation. Example: BTS2020LAB01\\Administrator |
| Machine | Machine name from which operation was performed. Example: BTS2020LAB01 |
| ArtifactId | Unique id of the artifact. Example: 1 |
| ParentArtifactId | If an artifact is child of another artifact, then this field will have artifact id of the parent. Example: 1 |
| ArtifactType | Type of artifact on which operation was performed. Example: SendPort, ReceiveLocation, etc. |
| ArtifactName | User configured name of the artifact. Example: BatchControlMessageRecvLoc |
| OperationName | Action performed on the artifact. Example: Ports: Create/Update/DeleteService Instances: Suspend/Resume/TerminateApplication resources: Add/Update/RemoveBinding file: Import |
| Payload | Contains information about what is changed in JSON structure. Example: { “Disabled”: 0 } |
| CreatedDate | Timestamp when the operation was performed Example: 2020-11-27T09:21:48.55Z |
How to view the audit logs?
The easier way to access the BizTalk Server Audit logs is to access the Audit Logs REST service using your browser by using the following URL:
- GET http://localhost/BizTalkOperationalDataService/AuditLogs
This will provide a JSON response containing all the latest logs.
For a better user experience, you could use a tool like postman to interact with this service:
You can also define a date range to retrieve the desire logs. For that you should use the following query parameters:
- fromDate: beginning date, for example, 2020-12-01T01:00:00
- toDate: end date, for example, 2020-12-03T01:00:00
GET request example:
- GET http://localhost/BizTalkOperationalDataService/AuditLogs?fromDate=2020-12-01T01:00:00&toDate=2020-12-03T01:00:00
Supported date formats are: yyyy-MM-dd or yyyy-MM-ddThh:mm:ss.
