Configure Event Logging on a Federation Server Proxy

Updated: January 31, 2008

Applies To: Windows Server 2008

Federation servers log Active Directory Federation Services (AD FS) Federation Service events in the Application and Security event logs. On a federation server proxy, events in the Application log contain additional information about errors regarding contact with the Federation Service. In addition, when a federation server proxy is in effect, the Federation Service events contain information about the proxy certificates that are used.

Use the following procedure to specify the level of events that you want to be logged on a server that is running the Federation Service Proxy. Event logging for a federation server proxy is set in the web.config file. By default, this file is located in %systemdrive%\Windows\SystemData\ADFS\sts. You can apply the following logging types in the web.config file:

  • Error: Information about a significant problem of which the user should be aware, usually involving a loss of functionality or data.

  • Warning: Indicates a problem that is not immediately significant, but that may signify conditions that could cause future issues.

  • Info: Information about a significant, successful operation.

  • SuccessAudit: Indicates an audited security event that occurs when an audited access attempt is successful, for example, a successful logon attempt.

  • FailureAudit: Indicates a security event that occurs when an audited access attempt fails; for example, authentication failed.

  • DetailedSuccess: A success audit event with detailed information about each token that was involved in the transaction, including claims information.

  • DetailedFailure: A failure audit event with detailed information about each token that was involved in the transaction, including claims information.

  • Everything: Enables all logging levels.

Use the following procedure to configure event logging levels on a federation server proxy. Perform this procedure on the federation server proxy.

noteNote
For security events to be registered, object access auditing must be enabled in the security policy. For more information, see Configuring AD FS Servers for Troubleshooting (http://go.microsoft.com/fwlink/?LinkId=79242).

To complete this procedure, you must have Read-Write access to the web.config file.

  1. In Notepad, open the web.config file in %systemdrive%\Windows\SystemData\ADFS\sts.

  2. Search for <logonserver>.

  3. Add the <auditlevel> XML element under <logonserver>, as follows:

    <auditlevel> Value </auditlevel>

    Where Value is one of the following, or the combined values of two or more:

    • Error = 1

    • Warning = 2

    • Info = 4

    • SuccessAudit = 16

    • FailureAudit = 32

    • DetailedSuccess = 64

    • DetailedFailure = 128

    • Everything = 247

  4. Save and close the web.config file.

Community Additions

ADD
Show: