Author Posts

August 24, 2016 at 5:34 pm

Hi Experts,

I found below blog which talks about taking backup of eventviewer from remote machine.
https://4sysops.com/archives/managing-the-event-log-with-powershell-part-2-backup/

But im unable to to pull the eventlogs of ADFS 2.0. I tried below query but no luck

$log = get-wmiobject win32_nteventlogfile -filter "logfilename = 'AD FS 2.0/Admin'" -ComputerName ser1 

Pls help

August 25, 2016 at 8:58 am

This is the code I use to backup my event logs:

$p = "C:\test\"
$log = "system"
$EventLogs = Get-WmiObject -Class Win32_NTEventlogFile -EnableAllPrivileges | where {$_.logfilename -eq "$log"}
$EventLogs.PSBase.Scope.Options.EnablePrivileges = $true
$export = $log + (get-date -f yyyyMMdd) + ".evtx"
$EventLogs.BackupEventLog($p + $export)

August 25, 2016 at 12:35 pm

Im facing issues only for ADFS 2.0 event logs. Im able to get Application/System/Security etc.

ADFS logs are located at "Applications and Services Logs / AD FS 2.0 / Admin

How to put that in logs..

I use below cmdlet to pull ADFS logs.. But using wmi im not sure how to access

Get-WinEvent -FilterHashtable @{ProviderName="AD FS 2.0";LogName="AD FS 2.0/Admin"} -ComputerName sacnt833