Configure event logging on a federation server

Applies To: Windows Server 2003 R2

Servers that are running the Federation Service component of Active Directory Federation Services (ADFS) log ADFS Federation Service events in the Application event log. These events report information about the operation of the components of the local organization and the partner organizations that are covered by a trust policy.

Note

When it is manually configured, ADFS can also log debug information. Debug logs are located in %systemdrive%\ADFS\logs. For more information about how to configure debug logging, see Configuring ADFS Servers for Troubleshooting (https://go.microsoft.com/fwlink/?LinkId=74970).

The following types of events are available and enabled by default in ADFS:

  • Error: Information about a significant problem of which the user should be aware, usually involving a loss of functionality or data.

  • Warning: Indicates a problem that is not immediately significant, but that may signify conditions that could cause future issues.

  • Info: Information about a significant, successful operation.

  • Success audit: Indicates an audited security event when an audited access attempt is successful; for example, a successful logon attempt.

  • Failure audit: Indicates a security event that occurs when an audited access attempt fails; for example, an inbound token was not valid.

  • Detailed success: A success audit event with detailed information about each token involved in the transaction, including claims information.

  • Detailed failure: A failure audit event with detailed information about each token involved in the transaction, including claims information.

You can select the levels that you want to enable and disable.

Note

The Audit object access policy must be turned on for success or failure before the Federation Service can log errors. For more information, see Audit object access (https://go.microsoft.com/fwlink/?LinkId=79749).

Administrative credentials

To complete this procedure, you must be a member of the Administrators group on the local computer.

To change the event types that are logged by ADFS

  1. Click Start, point to Administrative Tools, and then click Active Directory Federation Services.

  2. Right-click the Trust Policy node, and then click Properties.

  3. Scroll to the Event Log tab.

  4. Under Event log level, select or clear the event log types that you want to enable or disable, and then click OK.