biztalk 2020 audit log

BizTalk Auditing integrated into BizTalk360

Published on : Mar 15, 2022

Category : BizTalk Server

Deepthi Murugaraj

Author

Microsoft BizTalk Server 2020 has an important feature as the Audit log which was introduced on January 15, 2020. It is the most awaited feature by administrators to handle the security gaps in BizTalk Server. It could be efficacious for BizTalk Administrators and Operation Teams to know what operations have been performed in the BizTalk Group by which user.

Why auditing is important? 

Auditing helps with providing visibility on sensitive enterprise data by knowing who performed which operations, modifications, or destructions. Server auditing is a way of tracking and reviewing activities on our server. The process works based on our audit policy. Biztalk users have no limitations of accessing BizTalk Artifacts.

 BizTalk Server is open for all users like Administrators, Deployment teams and Support team. Admin console can be operated by both BizTalk Operational Users and Business users. Since there is no user access policy in the BizTalk Admin console, there are chances that Business users can perform an operation on Artifacts by mistake during the business data transaction. It causes more impact on the business flow. This can be avoided by using BizTalk360 User access policy and Governance Audit capabilities

 You may have a question since BizTalk already has the auditing capability then why its integrated with BizTalk360. Answer is BizTalk will audit the activities you performed and save the auditing details in table; you have only raw data you do not have UI to view that. By integrating this with BizTalk360 you can clearly visualise which user performed which activity on which artifacts during which time. Say for instance you can clearly get to know SendportA is stopped by admin or support, or business user and you can take necessary action for same.

Let’s take some example scenarios and see how the impact of such activities can cause huge business disruption. Let’s imagine you have an integration scenario picking up purchase orders from an FTP location, processing it via a BizTalk Orchestration and finally sending it to the SAP system.

In this simplest scenario, a BizTalk Administrator can potentially do the following 5 activities intentionally or accidentally —

  • Disabling the BizTalk FTP Receive Location
  • Unenlisting the BizTalk Orchestration
  • Stopping the BizTalk SAP Send Port
  • Stopping the BizTalk Host Instances that run receive location, send port and orchestration
  • Terminate a BizTalk Service Instance that’s processing the purchase order

Any one of the above activities would have resulted in a business impact of not processing that purchase order. When such incidents happen, you must have the system in place to look at the audit logs to see who actually performed such activity and take the necessary steps.

Configure audit functionality in BizTalk 

  we can configure this amazing functionality with few steps

  • Open BizTalk admin console with administrator access
  • Right-click on BizTalk Group settings
  • Enable the BizTalk Auditing Operations and change the maximum limit value if required, Select OK to save your changes.
  • Biztalk audit

Which artifacts are audited in BizTalk?

As said earlier, with BizTalk Server 2020, administrators can configure the audit management operation in the BizTalk Server admin console to generate audit logs. Below are the artifact activities that can be audited

  • Application – Create, Import, Start and Stop
  • Send Port – Create, Start, Stop, Enlist, Unenlist, Delete, Move to Application, Tracking
  • Receive Port – Create, Delete, Move to Application, Tracking
  • Receive Location – Create, Enable, Disable, Delete, Move to     Application
  • Orchestration – Start, Stop, Enlist, Unenlist, Remove, Move to Application, Tracking
  • Resource – Remove, Move to Application
  • Service Instance- Suspend, Terminate, Resume

Where the auditing data will be saved 

The audit data of BizTalk admin console operations will be saved in your BizTalk Management database into “the bts_auditlog” table, this audited data will be displayed with some terms like Id, Batch Id, User Principal, Machine, Artifact Id, Parent Artifact Id, Artifact Type, Artifact Name, Operation Name. 

How auditing is integrated with BizTalk360  

Since BizTalk has no audit feature in the previous versions at that time BizTalk360 supports Governance & Audit which audits the activities that are performed inside BizTalk360. 

Now with this integration BizTalk360 users can view the BizTalk Audit logs in the BizTalk360’s Governance & Audit section. Along with the BizTalk360 audits automatically the BizTalk audit logs will be start captured once BizTalk360 is updated with the latest version (from V10.2).

To achieve this super cool functionality, you need to upgrade to BizTalk360 v10.2. We have added a new sub-service “BizTalk Audit log” under the Monitoring Service. BizTalk Audit logs will be fetched into BizTalk360 on 5 minutes frequency.

biztalk 2020 audit log

Let us see the advantages of having BizTalk audit integrated with BizTalk360 

  • BizTalk360 users do have the benefit of getting audit data from both sources like BizTalk and BizTalk360
  • Updated UI to visualise the audit data. Rich querying capability to filter the details based on time, user, activity etc
  • One of the important advantages is users can take necessary actions from the BizTalk360. Say for example if a Send port is disabled by mistake in the BizTalk admin console, in BizTalk360 by clicking on the respective audit log it will redirect you to the application screen within BizTalk360 from there you can take the necessary actions say you can start/stop the ports
  • Also, we are allowing the users to export the audit log details for further actions.

You can think about what will happen if I have both the BizTalk and BizTalk360 audit logs in the same database, it may cause performance issues. BizTalk360 have purging policy for Governance & Audit, with this the data will be purged periodically there won’t be any data growth to affect your DB performance.

Do we differentiate between BizTalk and BizTalk360 auditing? 

Yes, you might think, when we get both BizTalk and BizTalk360 audits in the same segments of Governance & Audit how do we get to know the activities are done by BizTalk or BizTalk360.Here we help you with a server icon specification for the BizTalk admin audits.  

Application & artifacts audit under application section. 

governance audit

Let see what activities can be audited from BizTalk360 and from BizTalk.

Activities

Service instances related audits under the service instance section 

Service instances related audits

Here coming to the Service Instance part, the below table shows you which can be audited from BizTalk and BizTalk360 in the Instance part.

Service instances related audits

Tracking related audits under Tracking Manager section 

Tracking biztalk audit

The below table shows you which can be audited from BizTalk and BizTalk360 in the tracking part.

Consolidated BizTalk Activities 

The above operations will also be audited along with all the operations performed across administration features in consolidated activities under Administration Activities of Governance and Audit. 

Governance and auditing – Rich query filter 

Compared to the below API browser view, BizTalk360 provides a user-friendly, feel-good user interface. 

biztalk 2020 audit log

You can just overview the rich query filters which are available for our user convenience. We do have the options like User, Operation, Application name, Artifact Type, Timestamp all these are helpful to filter the Audit data as per the BizTalk User requirements.

Governance and auditing

 In addition, we have added the “Source” filter so that the users can view the BizTalk and BizTalk360 audit logs separately and export them in PDF format for any business needs. Also Getting to know who performed what actions from which source that so helpful to take required steps to resolve the unexpected situations. 

Conclusion 

Hope you understand this additional auditing functionality makes your work easier and saves much time. We have added this feature in BizTalk360 V10.2. Want to try this feature or upgrade to our latest version?  

We have a free trial for you! Try it out! BizTalk360 will make you more productive, Happy monitoring!