Auditing in BizTalk360 - Monitor Your Audit Logs and Get Notified

Posted: October 30, 2020 | Categories: BizTalk Server
Tags: BizTalk360

Introduction

This series is about how you can get more out of BizTalk360 by making smart use of the data sources it can access, and so make your day-to-day tasks easier. In this blog post, we will see in detail how you can monitor operations against your host instances. Of course, you can pick any other accessible component based on your business requirements.

Part1: Automatically Receive Auditing Reports

How to get auditing reports and share them with team members in PDF format. This is covered in detail in the Part 1 blog post.

Part2: Give Your BizTalk Audit Log More Visibility

Add auditing-related widgets to the home page of BizTalk360. This is covered in detail in the Part 2 blog post.

Part3: Monitor Your Audit Logs and Get Notified

How to get notified when something unexpected is happening.

Let us consider an example: any one of your host instances is stopped for any reason, and you are unaware of how long your host instances have been in a stopped state.

In this article, we will see in detail how you can run a Secure SQL Query through BizTalk360 and monitor your host instances to get notified through your preferred way of communication.

Note: In this scenario, we are not relying on monitoring that has been set up against Host Instances. Instead, we are checking the BizTalk360 Audit tables which contain information about who turned on or off the host instances. So, even when no monitoring has been set up, you will still be able to find out when somebody has changed the state of your host instances.

User Permission Required to Execute Your SQL Query

Before getting started, consider what kind of permissions you have in your environment. By default, super users/admins have full access to the BizTalk360 environment. However, if you are a normal user, you must ensure that the following permissions are provided.

The user must have the following permissions to access BizTalk360:

  • Secure SQL Queries
  • Manage Alarm under the Monitoring section

Once all the feature-level permissions have been set up, you can get started with creating the required queries in BizTalk360.

Note: the query that we are creating under Operations is not required to get the complete scenario working. It can simply be used to view who performed which operations against the Host Instances.

To create new queries in BizTalk360, navigate to Operations -> Secure SQL Queries and follow the steps in the BizTalk360 documentation portal.

The query looks like below:

-- Who stopped which host instance during the last 15 minutes (UTC)
SELECT
    [ActivityDateTime],
    [DomainName] + '\' + [UserName] AS [User],
    [Operation],
    [HostName],
    [ServerName]
FROM [BizTalk360].[dbo].[b360_governance_HostInstance]
WHERE Operation = 'Stop'
  AND DATEDIFF(MINUTE, [ActivityDateTime], GETUTCDATE()) < 15
ORDER BY ActivityDateTime DESC

Once the query has been executed in Secure SQL Queries, the next step is to write a query that returns a scalar value: the number of Stop operations against host instances in the last 15 minutes. You then receive notifications based on any violation that occurs.

To do this, create an alarm, then navigate to Monitoring -> Manage Mapping -> BizTalk environment -> DB query.

Under the DB query section, the query can be executed as follows:

-- Scalar result: number of Stop operations in the last 15 minutes (UTC)
SELECT COUNT(*)
FROM [BizTalk360].[dbo].[b360_governance_HostInstance]
WHERE Operation = 'Stop'
  AND DATEDIFF(MINUTE, [ActivityDateTime], GETUTCDATE()) < 15

Once the query has been executed, set the threshold values, which in turn tell you whether the result is in a healthy or a warning state.

Note: You can monitor Database Query results by configuring a query that returns a scalar value. If there is any deviation in the query results, BizTalk360 will trigger an alert notification.

[Screenshot: BizTalk audit log]

As the above screenshot shows, the executed query returns a scalar value. The BizTalk360 UI shows the status of the environment with color indications: green for healthy, yellow for warning, and red for error.
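The two counts side by side, as an added T-SQL example that is not part of the original post: the page's scalar query, and a variant that goes one step further and counts only Stop operations not followed by a later non-Stop operation on the same host instance. The table variable, its data types, the sample rows and the 'Start' operation value are assumptions made so the script runs on its own.

```sql
-- Constructed sample rows; the table variable stands in for
-- [BizTalk360].[dbo].[b360_governance_HostInstance]. Column names come from
-- the page's query; the data types and the 'Start' value are assumptions.
DECLARE @HostInstanceAudit TABLE (
    ActivityDateTime DATETIME      NOT NULL,  -- UTC, matching the GETUTCDATE() comparison
    DomainName       NVARCHAR(128) NOT NULL,
    UserName         NVARCHAR(128) NOT NULL,
    Operation        NVARCHAR(32)  NOT NULL,
    HostName         NVARCHAR(128) NOT NULL,
    ServerName       NVARCHAR(128) NOT NULL
);
DECLARE @now DATETIME = GETUTCDATE();

INSERT INTO @HostInstanceAudit VALUES
    (DATEADD(MINUTE, -40, @now), N'CONTOSO', N'alice', N'Stop',  N'ReceiveHost', N'BTS01'), -- outside the window
    (DATEADD(MINUTE, -12, @now), N'CONTOSO', N'bob',   N'Stop',  N'SendHost',    N'BTS01'), -- stopped, then changed again
    (DATEADD(MINUTE,  -9, @now), N'CONTOSO', N'bob',   N'Start', N'SendHost',    N'BTS01'), -- assumed operation name
    (DATEADD(MINUTE,  -5, @now), N'CONTOSO', N'carol', N'Stop',  N'ProcessHost', N'BTS02'); -- no later operation

-- 1) The page's scalar: every Stop operation inside the 15-minute window,
--    including the SendHost stop that was followed by another operation.
SELECT COUNT(*) AS StopsInWindow
FROM @HostInstanceAudit
WHERE Operation = 'Stop'
  AND DATEDIFF(MINUTE, ActivityDateTime, @now) < 15;

-- 2) Variant: only Stops in the window with no later non-Stop audit row for
--    the same host instance on the same server. The check does not depend on
--    what the other operation is called, only that it is not 'Stop'.
SELECT COUNT(*) AS StopsNotReversed
FROM @HostInstanceAudit AS s
WHERE s.Operation = 'Stop'
  AND DATEDIFF(MINUTE, s.ActivityDateTime, @now) < 15
  AND NOT EXISTS (
        SELECT 1
        FROM @HostInstanceAudit AS l
        WHERE l.HostName = s.HostName
          AND l.ServerName = s.ServerName
          AND l.ActivityDateTime > s.ActivityDateTime
          AND l.Operation <> 'Stop');
```

Only one SELECT returning a single scalar would go into the DB query monitor, pointed at the real audit table instead of the table variable. Check which Operation values your audit table actually records before relying on the second form.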

Notification Channels

Once all the above steps have been configured, BizTalk360 will trigger an alert notification whenever a violation occurs in your environment. By default, BizTalk360 ships with the below 6 types of notification channels:

  • Microsoft Teams
  • Slack
  • PowerShell
  • WebHook
  • ServiceNow
  • SMTP

Configure these custom notification channels in BizTalk360 under Settings -> Monitoring and Notification.

Conclusion

In this series, we have shown you ways to do smart things with data that can be accessed in BizTalk360. We have seen how efficiently we can run queries from BizTalk360, monitor host instances with ease, and get notified immediately. You can also read the other auditing blogs in this series, Part1 and Part2, to learn more about them in detail. If you wish to evaluate our product, why don't you give the product a go! You can either request a demo or take up a free trial. Our consultant team will be happy to take you forward!

Happy Exploring!

Author: Christhini

Junior Product Consultant at Kovai.co - A passionate software professional with a high degree of problem-solving, organizational and analytical skills; Able to leverage data/analytics to make decisions to improve the product performance so as to provide optimal product.
