From Technet :
- events on ADFS: 1200,1201,1203,1206,1210
- events on WAP: 224, 245, 396, 12025, 13015, 13046, 14027, 14032
- events on ADFS - Security - 299, 401, 403, 404, 410, 412, 431, 500, 501, 502, 503, 510, 1200
event Security:299, AD FS Auditing, Classic - Audit Success, Information - token is issued; connection with different events on Instance ID; relaying party identifier
event Security:401, AD FS Auditing, Classic - Audit Success, Information - request context headers, Activity ID
event Security:403, AD FS Auditing, Classic - Audit Success, Information - HTTP request was received, Instance ID, Activity ID, client IP, caller identity, details, request header in ID 510
event Security:404, AD FS Auditing, Classic - Audit Success, Information - HTTP response was dispatched, Instance ID, Activity ID, headers in ID 510
event Security:410, AD FS Auditing, Classic - Audit Success, Information - request context headers, Activity ID
event Security:412, AD FS Auditing, Classic - Audit Success, Information - token for relaying party was successfully authenticated, instance ID in event 501 - caller identity, Activity ID, Instance ID
event Security:431, AD FS Auditing, Classic - Audit Success, Information - active request was received, key type, request type, Activity ID
event Security:500, AD FS Auditing, Classic - Audit Success, Information - issued claims; connection with different events on Instance ID
event Security:501, AD FS Auditing, Classic - Audit Success, Information - issued claims; groups (if issued as claim); connection with different events on Instance ID; caller identity
event Security:502, AD FS Auditing, Classic - Audit Success, Information - issued claims; groups (if issued as claim); connection with different events on Instance ID; onBehalf of identity
event Security:503, AD FS Auditing, Classic - Audit Success, Information - issued claims; groups (if issued as claim); connection with different events on Instance ID; actAS identity
event Security:510, AD FS Auditing, Classic - Audit Success, Information - header for request from event ID 403, Instance ID
event Security:1200, AD FS Auditing, Classic - Audit Success, Information - valid token issued; connection with different events on Instance ID
event Security:1206, AD FS Auditing, Classic - Audit Success, Information - sign out request Activity ID
Brak komentarzy:
Prześlij komentarz