Configure Event Logging for a Claims-Aware Application
Applies To: Windows Server 2008
Use the following procedure to specify the level of events that you want to be logged for claims-aware applications in the Application event log on the Web server that is protected by Active Directory Federation Services (AD FS).You set event logging for claims-aware applications in the web.config file for the application.
You can apply the following event logging settings in the web.config file:
Error: An alert that provides information about a significant problem of which the user should be aware, usually involving a loss of functionality or data.
Warning: An alert that indicates a problem that is not immediately significant but that may signify conditions that could cause future issues.
Info: An alert that provides information about a significant, successful operation.
SuccessAudit: A security event that occurs when an audited access attempt succeeds, for example, a successful logon attempt.
FailureAudit: A security event that occurs when an audited access attempt fails, for example, a failed attempt to open a file.
DetailedSuccess: A success audit event that provides detailed information about each token that is involved in the transaction, including claims information.
DetailedFailure: A failure audit event that provides detailed information about each token that is involved in the transaction, including claims information.
Everything: Enables all logging levels.
To complete this procedure, you must have Read-Write access to the web.config file.
To configure event logging for a claims-aware application
In Notepad, open the web.config file in the directory that stores the claims-aware application.
Search the file for <websso>.
Add or change the <auditlevel> entry under <websso>, as follows:
Where Value is one of the following or the combined values of two or more:
Error = 1
Warning = 2
Info = 4
SuccessAudit = 16
FailureAudit = 32
DetailedSuccess = 64
DetailedFailure = 128
Everything = 247
Save and close the web.config file.