Feature: Collect logs for requests in Fiddler trace #9

bongiovimatthew-microsoft · 2018-02-07T23:46:44Z

Fiddler captures HTTP requests and saves a set of files that can be parsed. Details on Fiddler serialization

The EventLog script can do the following steps to get the logs associated with the requests in a Fiddler trace:

Open "raw" folder in the Fiddler .saz file, find all <sessid#>_c.txt files
Locate the client requests to ADFS (parse the requests for URLs containing "adfs/ls")
Pull out the "client-request-id" query string parameter (might need to also look in _s.txt in the case where the server returns the ID, but the client never redirects with it)
Send the correlation ID to Get-ADFSEvents to collect the events associated with the current request
Repeat 1-4 for each independent correlation ID that gets discovered (as a Fiddler trace could contain multiple requests)

The current script should be altered to include a -FiddlerTrace parameter, which takes the filepath to the Fiddler trace.

An example execution would be:

Get-ADFSEvents -Logs Security, Admin, Debug -FiddlerTrace c:\fiddlerTrace.saz -Server *

bongiovimatthew-microsoft added help wanted feature-request labels Feb 7, 2018

madhavpatel6 mentioned this issue Aug 15, 2018

Feature: Collect logs for requests in Fiddler trace microsoft/adfsToolbox#27

Open

Provide feedback