iksurpab
3 Posts
how to use logparser to get ad fs logs?
Oct 20, 2011 02:05 PM
I am trying to use logparser to extract event logs from the ADFS service logs (log named="AD FS 2.0/Admin", event log file= c:\windows\system32\Winevt\Logs\AD FS 2.0%4Admin.evtx). When I use FROM 'AD FS 2.0/Admin' in my query, I get an error "the system cannot find the file specified". What am I doing wrong?
steve schofi...
5682 Posts
MVP
Moderator
Re: how to use logparser to get ad fs logs?
Oct 22, 2011 09:02 AM
You have to do \\servername\ADFSAdmin as your 'from source'.
Steve Schofield
Windows Server MVP - IIS
http://iislogs.com/steveschofield
http://www.IISLogs.com
Log archival solution
Install, Configure, Forget
iksurpab
3 Posts
Re: how to use logparser to get ad fs logs?
Oct 24, 2011 08:47 PM
This does not work either:
"c:\Program Files (x86)\Log Parser 2.2\LogParser.exe" -i:EVT "SELECT TimeGenerated, EventType, EventID, EventCategory, ComputerName, Strings INTO 'c:\adfs.csv' FROM '\\adfs.mydomain.com\ADFSAdmin' WHERE (TimeGenerated >= TIMESTAMP('2011-10-24 15:00:00','yyyy-MM-dd hh:mm:ss')) AND (TimeGenerated <= TIMESTAMP('2011-10-24 16:00:00','yyyy-MM-dd hh:mm:ss' )) ORDER BY TimeGenerated" -o:csv -headers:OFF
Error: Error retrieving files: Error searching for files in folder \\adfs-1.iastate.edu\ADFSAdmin: The network name cannot be found.
Tried renaming the event log file so it will not contain "%4" in it. Did not work either. Any other ideas?
riteshku
1 Post
Re: how to use logparser to get ad fs logs?
Dec 29, 2011 05:22 PM
I did it another way.
Right click on the AD FS 2.0/Admin event.
Click on Properties. Change the log path to "%SystemRoot%\System32\Winevt\Logs\ADFSAdmin.evtx"
Now modify the logparser script to:
copy "C:\Windows\System32\winevt\Logs\ADFSAdmin.evtx" "C:\temp\ADFSEvents.evtx"
"c:\Program Files (x86)\Log Parser 2.2\LogParser.exe" -i:EVT "SELECT TimeGenerated, EventType, EventID, EventCategory, ComputerName, Strings INTO 'c:\temp\adfs.csv' FROM 'C:\temp\ADFSEvents.evtx'"
del c:\temp\ADFSEvents.evtx
pause
This worked for me. Make sure you run the batch file with Admin privileges.
iksurpab
3 Posts
Re: how to use logparser to get ad fs logs?
Jan 11, 2012 07:13 PM
Thanks for the idea.
In the meantime, I started using wevtutil.exe (native to the system) to copy the AD FS 2.0/Admin event log somewhere else (I did not rename the log itself) and then use LogParser.
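The wevtutil approach described in the last post, written out as a batch file. This is an added example, not code posted in the thread: the C:\temp working folder and the export file name are assumptions, and the query and time window are reused from the earlier post.

```bat
@echo off
rem Added example (not from the thread). Run from an elevated prompt on the AD FS server.
setlocal

rem Channel name as shown in Event Viewer; wevtutil resolves it to the .evtx
rem file itself, so the "%4" in the on-disk file name never has to be typed.
set "CHANNEL=AD FS 2.0/Admin"

rem Assumed working paths; adjust to a folder only administrators can read,
rem since the export holds federation service events.
set "WORKDIR=C:\temp"
set "EXPORT=%WORKDIR%\ADFSAdmin-export.evtx"
set "CSV=%WORKDIR%\adfs.csv"
set "LOGPARSER=C:\Program Files (x86)\Log Parser 2.2\LogParser.exe"

if not exist "%WORKDIR%" mkdir "%WORKDIR%"

rem epl = export-log; /ow:true overwrites an export left over from an earlier run.
wevtutil epl "%CHANNEL%" "%EXPORT%" /ow:true
if errorlevel 1 (
    echo Export of "%CHANNEL%" failed. Check the channel name and that the prompt is elevated.
    exit /b 1
)

rem Point LogParser at the exported file instead of the live channel name.
"%LOGPARSER%" -i:EVT -o:CSV -headers:OFF "SELECT TimeGenerated, EventType, EventID, EventCategory, ComputerName, Strings INTO '%CSV%' FROM '%EXPORT%' WHERE TimeGenerated >= TIMESTAMP('2011-10-24 15:00:00','yyyy-MM-dd hh:mm:ss') AND TimeGenerated <= TIMESTAMP('2011-10-24 16:00:00','yyyy-MM-dd hh:mm:ss') ORDER BY TimeGenerated"
set "RC=%ERRORLEVEL%"

rem Remove the temporary copy whether or not the query succeeded.
del "%EXPORT%"

exit /b %RC%
```

Unlike changing the log path in the channel's Properties dialog, this leaves the AD FS 2.0/Admin log configuration untouched.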