Active Directory Federation Service (AD FS) enables Federated Identity and Access Management by securely sharing digital identity and entitlements rights across security and enterprise boundaries. AD FS extends the ability to use single sign-on functionality that is available within a single security or enterprise boundary to Internet-facing applications to enable customers, partners, and suppliers a streamlined user experience while accessing the web-based applications of an organization.

Device Details

Device NameMS Windows Event Logging XML - ADFS

Vendor

Microsoft

Device Type


Supported Model Name/Number


Supported Software Version(s)

N/A

Collection Method

MS Windows Event Logging

Configurable Log Output?

No

Log Source Type

MS Windows Event Logging XML - ADFS

Log Processing Policy

LogRhythm Default

Exceptions

N/A

Additional Information

https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/troubleshooting/ad-fs-tshoot-logging

Supported Log Messages

Type

Product Version

Supported Schema Fields

AD FS MessagesN/A<vmid>, <vendorinfo>, <severity>, <sip>, <dip>, <dname>, <snatip>, <dnatip>, <login>, <account>, <domainorigin>, <domainimpacted>, <result>, <session>, <object>, <objecttype>, <subject>, <useragent>, <reason>, <size>

Revision History

KB Version

Log Type

Change Type

Details

7.1.591.0MS Windows Event Logging XML - ADFSNew Log Source TypeNew Log Source Type to support ADFS in XML.