Take advantage of new Windows Event Viewer (Vista, 7, 2008) capabilities for BizTalk Monitoring

Published on : Feb 24, 2011

Category : General



Ideally we should have a proper monitoring solution in place for any BizTalk project. But the reality is always different; even in big enterprises, monitoring solutions are not adequate due to various internal political reasons. In this article I’m going to show how you can take advantage of the new Event Viewer functionality that comes as part of Windows to get some basic monitoring. The Event Viewer that comes with Windows Vista, 7 and 2008 has been fully re-engineered, along with the event tracking and logging architecture. Some of the core enhancements include:
  • Ability to create custom queries, so you can essentially tweak Event Viewer to show you just the things you are interested in (see Figure below).
  • You can associate a task with particular events, for example: send an e-mail, run a program, or display a message.
  • You can collect events from multiple systems and forward them to one system, allowing you to centralize event logs (thanks to the WS-Management implementation underneath).
  • Event Viewer now reports its data in XML.
  • You can import and export custom views.
  • Above all, the main difference is that all the changes you make are persistent; they won't disappear when you close Event Viewer.
Categorise Events using Custom Views

One of the challenges of the old Event Viewer is the volume of information you receive in the default Application log. There were a few filtering options; for example, you could create a New Log and tweak some parameters to get to the events you were interested in. But that's very basic, and one of the biggest issues was that the filter setup was not persisted, so you lost it once you closed Event Viewer. The new Event Viewer allows you to create various custom views and categorise them in a folder structure. As shown in the above figure, I’ve created a typical structure for BizTalk monitoring, separating events relevant to SSO, BAM, Orchestration, Core Messaging, etc.

The below figure shows the Create Custom View window, which allows you to create a sophisticated filter and save it in a desired folder.

This way you can put critical and high severity error events in one custom view and other, less important informational messages in a separate view. Later in the article, we'll see how you can attach tasks/alerts to the views and get automatic notification.

The other important aspect here is that you don't need to use the UI to create the desired view; you can define it as XML and import it using the Event Viewer console. The XML looks as shown below, utilizing XPath statements for filtering. The below XML snippet shows the same thing we configured earlier, event IDs between 5640 and 5650.

Note: Creating the folder structure is not very neat; you can only create a new folder when you are saving or importing the custom view.

Create a range of Event Id for your application and monitor it

The “Create custom view” window allows you to mix and match various filter options to get to what you want. One of the powerful options is specifying the event ID in various combinations:
  1. Comma separated values
  2. Specify a negative sign to exclude them, and
  3. Specify a range as shown below
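
The XPath-based filter and the event-ID combinations described above can also be produced and tested from PowerShell. This is an added example, not part of the original article: the function name ConvertTo-EventIdXPath and the excluded ID 5645 are assumptions made for illustration, and the generated XPath is equivalent in effect to what the dialog builds, not necessarily character-identical.

```powershell
# Added example (not from the original article): build the XPath filter that
# corresponds to an Event Viewer style event-ID list and query the log with it.
function ConvertTo-EventIdXPath {
    param([Parameter(Mandatory = $true)][string]$IdSpec)

    $include = @()
    $exclude = @()
    foreach ($token in ($IdSpec -split ',')) {
        $t = $token.Trim()
        if ($t -match '^(\d+)-(\d+)$') {
            # Range such as 5640-5650
            if ([int]$Matches[1] -gt [int]$Matches[2]) { throw "Reversed range: '$t'" }
            $include += "(EventID >= $($Matches[1]) and EventID <= $($Matches[2]))"
        } elseif ($t -match '^-(\d+)$') {
            # A leading minus sign excludes that ID
            $exclude += "EventID != $($Matches[1])"
        } elseif ($t -match '^\d+$') {
            $include += "EventID = $t"
        } else {
            throw "Unrecognised event ID token: '$t'"
        }
    }
    $parts = @()
    if ($include.Count) { $parts += '(' + ($include -join ' or ') + ')' }
    if ($exclude.Count) { $parts += '(' + ($exclude -join ' and ') + ')' }
    '*[System[' + ($parts -join ' and ') + ']]'
}

# 5640-5650 is the range used in the article; -5645 is a constructed exclusion.
$xpath = ConvertTo-EventIdXPath '5640-5650,-5645'

# Same QueryList format that Event Viewer shows on the XML tab of a filter.
$query = @"
<QueryList>
  <Query Id="0" Path="Application">
    <Select Path="Application">$([System.Security.SecurityElement]::Escape($xpath))</Select>
  </Query>
</QueryList>
"@

# Get-WinEvent raises an error when nothing matches, so silence that case.
Get-WinEvent -FilterXml $query -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, ProviderName, LevelDisplayName, MachineName
```
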
Specifying a range will be a very useful option if you have designed your custom solution so that it emits a range of event IDs.

Create actions for critical events

One of the crucial advantages of monitoring systems like SCOM and HP OpenView is their ability to send alerts based on events. Event Viewer’s functionality may not be a like-for-like match with commercial products, but it definitely provides basic alerting functionality in conjunction with the “Task Scheduler” that comes with Windows. The two products are nicely integrated: as soon as you create a task in Event Viewer, it automatically creates a scheduled task in the background. You can change the properties later if you wish.

Three different types of task can be configured: you can start any program, you can send an email, and you can display a message in the console.

Start a program is a powerful option, which allows you to start any application. For example, you could have scripted certain activities and configured the script to run every time a particular event occurs.

Send an email is the other useful function; you can configure it to send an email whenever there is an event within a particular custom view. The functionality itself is very basic; for example, it doesn’t attach the original event message, and there is no way to consolidate events. But you can structure the custom views so that only high severity incidents send notifications.

Creating the task in Event Viewer quietly creates the task in Windows Task Scheduler, as shown in the below picture.

Once you have created the task, you can modify it later either in Task Scheduler or in Event Viewer.

The email notifications:

Forward events from all BizTalk/SQL (within a group) servers to central place

The new Event Viewer has the ability to forward or subscribe to events between computers.
This is very powerful for distributed applications that are built on top of BizTalk. A typical BizTalk environment will have one or more host servers and one or more SQL servers acting as a group. Setting up central event collection for monitoring will be very useful. You can extend this event forwarding to all the dependent applications, like your web services, front ends, etc., to consolidate all the events in a central location. The new Event Viewer's completely redesigned event tracing and logging architecture, based on WS-Management, brings this capability. There is a set of command line Event Viewer / WS-RM (remote management) utility tools that enable you to set up event forwarding. There are tons of resources out there explaining how you can set this up, so I'm not going to get into details in this article. Example: executing the following command on a server will allow remote access to that machine for management.
winrm quickconfig
The Windows Remote Management Tool will respond like so:
WinRM is not set up to allow remote access to this machine for management.
The following changes must be made:
Set the WinRM service type to delayed auto start.
Start the WinRM service.
Create a WinRM listener on HTTP://* to accept WS-Man requests to any IP on this
Enable the WinRM firewall exception.
Make these changes [y/n]?
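
To review what the changes listed above leave on the server, the following added example (not part of the original article) lists the WinRM listeners and the service settings that determine how exposed the management endpoint is. The function name Get-WinRMExposure is hypothetical; it assumes an elevated PowerShell session on the server with the WinRM service started.

```powershell
# Added example (not from the original article): report what 'winrm quickconfig'
# configured. Get-WinRMExposure is a hypothetical helper name.
function Get-WinRMExposure {
    # One object per listener; quickconfig creates an HTTP listener on Address '*'.
    $listeners = Get-WSManInstance -ResourceURI winrm/config/listener -Enumerate |
        ForEach-Object {
            New-Object PSObject -Property @{
                Transport    = $_.Transport
                Address      = $_.Address
                Port         = $_.Port
                Enabled      = $_.Enabled
                AllAddresses = ($_.Address -eq '*')
            }
        }

    # Service-side settings are exposed as strings ('true'/'false') by the WSMan: drive.
    $svc = 'WSMan:\localhost\Service'
    $service = New-Object PSObject -Property @{
        AllowUnencrypted = (Get-Item "$svc\AllowUnencrypted").Value
        BasicAuth        = (Get-Item "$svc\Auth\Basic").Value
        KerberosAuth     = (Get-Item "$svc\Auth\Kerberos").Value
    }

    New-Object PSObject -Property @{ Listeners = $listeners; Service = $service }
}

$report = Get-WinRMExposure
$report.Listeners | Format-Table Transport, Address, Port, Enabled, AllAddresses -AutoSize
$report.Service   | Format-List AllowUnencrypted, BasicAuth, KerberosAuth

# Flag the combination that sends WS-Man traffic in clear text.
if ($report.Service.AllowUnencrypted -eq 'true' -and
    ($report.Listeners | Where-Object { $_.Transport -eq 'HTTP' })) {
    Write-Warning 'HTTP listener with AllowUnencrypted=true: WS-Man payloads are not encrypted.'
}
```
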
Summary: Even though the concepts explained here are not ideal for an enterprise solution, they give you some basic monitoring capabilities for free. There is no cost involved here; as long as you are running your solution on the latest Windows OS, you get this functionality for free. Ideally you should have invested in a proper monitoring solution like SCOM or HP OpenView, depending on the importance of your BizTalk solution.

Nandri,
Saravana