ADFS 2.0 Eventviewer backup

Tagged: 

This topic contains 2 replies, has 2 voices, and was last updated by Profile photo of nidhin ck nidhin ck 3 months, 2 weeks ago.

  • Author
    Posts
  • #51767
    Profile photo of nidhin ck
    nidhin ck
    Participant

    Hi Experts,

    I found below blog which talks about taking backup of eventviewer from remote machine.

    But im unable to to pull the eventlogs of ADFS 2.0. I tried below query but no luck

    $log = get-wmiobject win32_nteventlogfile -filter "logfilename = 'AD FS 2.0/Admin'" -ComputerName ser1 

    Pls help

  • #51859
    Profile photo of Alex
    Alex
    Participant

    This is the code I use to backup my event logs:

    $p = "C:\test\"
    $log = "system"
    $EventLogs = Get-WmiObject -Class Win32_NTEventlogFile -EnableAllPrivileges | where {$_.logfilename -eq "$log"}
    $EventLogs.PSBase.Scope.Options.EnablePrivileges = $true
    $export = $log + (get-date -f yyyyMMdd) + ".evtx"
    $EventLogs.BackupEventLog($p + $export)
    
  • #51873
    Profile photo of nidhin ck
    nidhin ck
    Participant

    Im facing issues only for ADFS 2.0 event logs. Im able to get Application/System/Security etc.

    ADFS logs are located at "Applications and Services Logs / AD FS 2.0 / Admin

    How to put that in logs..

    I use below cmdlet to pull ADFS logs.. But using wmi im not sure how to access

    Get-WinEvent -FilterHashtable @{ProviderName="AD FS 2.0";LogName="AD FS 2.0/Admin"} -ComputerName sacnt833

You must be logged in to reply to this topic.