Export (0) Print
Expand All

Configure event logging on a federation server proxy

Updated: September 13, 2007

Applies To: Windows Server 2003 R2

Federation servers log Active Directory Federation Services (ADFS) Federation Service events in the Application and Security event logs. On a federation server proxy, events in the Application log contain additional information about errors regarding contact with the Federation Service. In addition, when a federation server proxy is in effect, the Federation Service events contain information about the proxy certificates that are used.

Use the following procedure to specify the level of events that you want to be logged on a server that is running the Federation Service Proxy. Event logging for a federation server proxy is set in the web.config file. By default, this file is located in %systemdrive%\ADFS\sts. You can apply the following logging types in the Web.config file:

  • Error: Information about a significant problem of which the user should be aware, usually involving a loss of functionality or data.

  • Warning: Indicates a problem that is not immediately significant, but that may signify conditions that could cause future issues.

  • Info: Information about a significant, successful operation.

  • SuccessAudit: Indicates an audited security event that occurs when an audited access attempt is successful, for example, a successful logon attempt.

  • FailureAudit: Indicates a security event that occurs when an audited access attempt fails; for example, authentication failed.

  • DetailedSuccess: A success audit event with detailed information about each token involved in the transaction, including claims information.

  • DetailedFailure: A failure audit event with detailed information about each token involved in the transaction, including claims information.

  • Everything: Enables all logging levels.

Use the following procedure to configure event logging levels on a federation server proxy. Perform this procedure on the federation server proxy.

noteNote
For security events to be registered, object access auditing must be enabled in the security policy. For more information, see Configuring ADFS Servers for Troubleshooting (http://go.microsoft.com/fwlink/?LinkId=79242).

Administrative credentials

To complete this procedure, you must have Read-Write access to the web.config file.

To configure event logging for a federation server proxy using the web.config file

  1. In Notepad, open the web.config file in %systemdrive%\ADFS\sts.

  2. Search for <logonserver>.

  3. Add the <auditlevel> XML element under <logonserver>, as follows:

    <auditlevel> Value </auditlevel>

    Where Value is one of the following, or the combined values of two or more:

    • Error = 1

    • Warning = 2

    • Info = 4

    • SuccessAudit = 16

    • FailureAudit = 32

    • DetailedSuccess = 64

    • DetailedFailure = 128

    • Everything = 247

  4. Save and close the web.config file.

See Also

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft