MS Windows Event Logging XML - ADFS
Active Directory Federation Service (AD FS) enables Federated Identity and Access Management by securely sharing digital identity and entitlements rights across security and enterprise boundaries. AD FS extends the ability to use single sign-on functionality that is available within a single security or enterprise boundary to Internet-facing applications to enable customers, partners, and suppliers a streamlined user experience while accessing the web-based applications of an organization.
Device Details
| Device Name | MS Windows Event Logging XML - ADFS |
Vendor | Microsoft |
Device Type | |
Supported Model Name/Number | |
Supported Software Version(s) | N/A |
Collection Method | MS Windows Event Logging |
Configurable Log Output? | No |
Log Source Type | MS Windows Event Logging XML - ADFS |
Log Processing Policy | LogRhythm Default |
Exceptions | N/A |
Additional Information | https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/troubleshooting/ad-fs-tshoot-logging |
Supported Log Messages
Type | Product Version | Supported Schema Fields |
|---|---|---|
| AD FS Messages | N/A | <vmid>, <vendorinfo>, <severity>, <sip>, <dip>, <dname>, <snatip>, <dnatip>, <login>, <account>, <domainorigin>, <domainimpacted>, <result>, <session>, <object>, <objecttype>, <subject>, <useragent>, <reason>, <size> |
Revision History
KB Version | Log Type | Change Type | Details |
|---|---|---|---|
| 7.1.591.0 | MS Windows Event Logging XML - ADFS | New Log Source Type | New Log Source Type to support ADFS in XML. |