Error—Specifies whether to record events for significant problems to the debug log. Running the dbmon command outputs the debug log to the command prompt.

Warning—Specifies whether to record events, which are not necessarily significant but that may cause future problems, to the debug log.

Informational—Specifies whether to record informational events, such as redirects with protocol Uniform Resource Locators (URLs), token validations, or claim mappings, to the debug log.

Verbose—Specifies whether to record detailed information about events, such as sign-in requests, responses, token contents, Web method calls, and security identifier (SID) information to the debug log.

Audit success—Specifies whether a security audit is recorded for every successful user authentication or trust policy change that is made to this Federation Service. All success records are logged to the debug log file that is identified in the Log files directory box.

Audit failure—Specifies whether a security audit is recorded for every unsuccessful attempt to change the trust policy for this Federation Service. All audit failure records are logged to the debug log file that is identified in the Log files directory field.

Event log entries—Specifies whether to record all Active Directory Federation Services (AD FS) events to the debug log.

Cookie—Specifies whether to record cookies to the debug log.

Log files directory—Provides a space for you to type or browse to the location of the log file that is used to view all information that is generated by the selections that you make on this page.

Note

If you choose a directory that is different from the default directory, you must assign Read, Write, Create files, and List folder permissions to the identity of the ADFSAppPool that is defined in Internet Information Services (IIS) Manager (by default Network Service) so that the federation server or federation server proxy has the necessary permissions to write to the log files.