Starting with BizTalk Server 2020 and newer, administrators can configure BizTalk Server to generate an audit trail for management operations on application artifacts, such as to send ports, receive ports, receive locations, orchestrations, and resources. Auditing of suspend/resume/terminate operations on service instances is also possible.
This feature may not be perfect yet, and it has space to grow in the future, but it is a good start, and I hope the BizTalk product team will improve these capabilities in the future.
📝 One-Minute Brief
Explains the new Audit Logs feature in BizTalk Server 2020, which allows administrators to track management operations on artifacts such as ports, orchestrations, bindings, and service instances for improved governance and traceability.
How to configure the Audit Logs?
The auditing feature isn’t enabled by default. To enable auditing, you need to:
- Open the BizTalk Server Administration console, right-click the BizTalk Group, and select Settings.
- On the Group panel, under the Tracking and Reporting section:
- Enable the Audit management operations option.
- And set a Maximum number of audit entries property according to your needs. By default, BizTalk stores the 10000 most recent entries.
- Select OK to save your changes.
Now every time you make the following operations:
- On Ports (Receive or Send): Create, Update, and Delete.
- On Service Instances: Suspend, Resume, and Terminate.
- On Application resource: Add, Update, and Remove.
- On Bindings: Import bindings files.
One or more audit entries are logged. All these correlation entries have the same BatchId. The audit log has the following information:
| Property | Description |
| ID | The user who performed the operation. Example: BTS2020LAB01\\Administrator |
| BatchId | Same for all audited operations performed in a single SQL transaction. Insightful in correlating user operations with lower-level details. Example: a4ffa64b-8064-4e54-9d99-2e7d60797100. |
| UserPrincipal | The user who performed the operation. Example: BTS2020LAB01\\Administrator. |
| Machine | Machine name from which the operation was performed. Example: BTS2020LAB01. |
| ArtifactId | If an artifact is a child of another artifact, then this field will have the artifact ID of the parent. Example: 1. |
| ParentArtifactId | If an artifact is a child of another artifact, then this field will have the artifact ID of the parent. Example: 1. |
| ArtifactType | User-configured name of the artifact. Example: BatchControlMessageRecvLoc |
| ArtifactName | Action performed on the artifact. Example: Ports: Create/Update/Delete Service Instances: Suspend/Resume/Terminate Application resources: Add/Update/Remove Binding file: Import. |
| OperationName | Contains information about what has changed in the JSON structure. Example: { “Disabled”: 0 }. |
| Payload | Timestamp when the operation was performed. Example: 2020-11-27T09:21:48.55Z. |
| CreatedDate | Timestamp when the operation was performed. Example: 2020-11-27T09:21:48.55Z. |
How to view the audit logs?
The easier way to access the BizTalk Server Audit logs is to access the Audit Logs REST service using your browser by using the following URL:
- GET http://localhost/BizTalkOperationalDataService/AuditLogs
This will provide a JSON response containing all the latest logs.
For a better user experience, you could use a tool like Postman to interact with this service:
You can also define a date range to retrieve the desired logs. For that, you should use the following query parameters:
- fromDate: beginning date, for example, 2020-12-01T01:00:00.
- toDate: end date, for example, 2020-12-03T01:00:00.
GET request example:
- GET http://localhost/BizTalkOperationalDataService/AuditLogs?fromDate=2020-12-01T01:00:00&toDate=2020-12-03T01:00:00
Supported date formats are: yyyy-MM-dd or yyyy-MM-ddThh:mm:ss.
Hope you find this helpful! If you liked the content or found it useful and would like to support me in writing more, consider buying (or helping to buy) a Star Wars Lego set for my son.
