Skip to main content
Skip table of contents

MS Windows Event Logging XML - ADFS

Active Directory Federation Service (AD FS) enables Federated Identity and Access Management by securely sharing digital identity and entitlements rights across security and enterprise boundaries. AD FS extends the ability to use single sign-on functionality that is available within a single security or enterprise boundary to Internet-facing applications to enable customers, partners, and suppliers a streamlined user experience while accessing the web-based applications of an organization.

Device Details

Device NameMS Windows Event Logging XML - ADFS



Device Type

Supported Model Name/Number

Supported Software Version(s)


Collection Method

MS Windows Event Logging

Configurable Log Output?


Log Source Type

MS Windows Event Logging XML - ADFS

Log Processing Policy

LogRhythm Default



Additional Information

Supported Log Messages


Product Version

Supported Schema Fields

AD FS MessagesN/A<vmid>, <vendorinfo>, <severity>, <sip>, <dip>, <dname>, <snatip>, <dnatip>, <login>, <account>, <domainorigin>, <domainimpacted>, <result>, <session>, <object>, <objecttype>, <subject>, <useragent>, <reason>, <size>

Revision History

KB Version

Log Type

Change Type


7.1.591.0MS Windows Event Logging XML - ADFSNew Log Source TypeNew Log Source Type to support ADFS in XML.
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.