PingFederate generates these logs that document server events:

admin.log
Records actions performed by administrative-console users.
admin-event-detail.log
Records detailed information about each applicable administrative-console event performed by administrative-console users if detailed event logging is enabled.
admin-api.log
Records actions performed by administrative-API users.
runtime-api.log
Records actions performed by API users using the OAuth Client Management Service, the OAuth Access Grant Management Service, and the Session Revocation API.
transaction.log
Records individual identity-federation runtime transactions at specified levels of detail.
audit.log
Records a selected, configurable subset of transaction log information plus additional details, intended for security-audit and regulatory compliance purposes.
provisioner-audit.log
Records outbound provisioning events, intended for security-audit purpose.
provisioner.log
Records only provisioning activity.
server.log
Records PingFederate runtime and administrative server activities.
init.log
Records only Jetty messages generated prior to PingFederate start up.

These log files are written to the PingFederate log directory. The default location is the <pf_install>/pingfederate/log directory. As needed, administrators can change the log directory by modifying the pf.log.dir property in the <pf_install>/pingfederate/bin/run.properties file.