Frequently Asked Questions
Using Process Monitor to Collect Logs
Posted by Rami Aalto (M-Files) on 24 August 2018 03:35 PM

When something doesn't quite work the way it should on a computer, Process Monitor (a.k.a. ProcMon) can be a valuable tool for investigating the root cause of the problem. ProcMon is named for what it does: it monitors processes on a computer and saves their events in real time to a log file for examination.

ProcMon is a free tool by Microsoft and you can download it here: https://docs.microsoft.com/en-us/sysinternals/downloads/procmon

Here's how to use ProcMon:

  1. Close all unrelated applications
  2. Launch ProcMon with the "Run as administrator" option on the user's computer
  3. If needed, clear the initial filter options by clicking on Reset or unchecking the unnecessary items
    There should be only 2-3 entries checked:
    1. Process Name is Procmon64.exe, Action = Exclude (this is only on 64-bit systems)
    2. Process Name is Procmon.exe, Action = Exclude
    3. Event Class is Profiling, Action = Exclude
  4. Click OK
  5. The program starts with logging enabled, so stop it for now with CTRL + E and then clear the log with CTRL + X
  6. Prepare the problem scenario so that it can be reproduced
  7. Make sure that the log gathering is started (you can start and stop it with the CTRL + E key combination)
  8. Reproduce the error and stop the logging immediately to prevent the file size from growing very large
  9. Save the ProcMon log as a PML file (in the save dialog, select "All events" and "Native Process Monitor Format (PML)")
  10. Optional: If you intend to send the log to someone for investigation, we recommend compressing the PML file into a zip file (right-click on it, Send to -> Compressed (zipped) folder)
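
The same capture can be scripted with ProcMon's command-line switches. The following is an added example, not part of the original article; the Procmon64.exe location and the output folder are assumptions to adjust for your environment.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original article): scripted ProcMon capture.
# Assumed values: the Procmon64.exe location and the output folder.
$Procmon = 'C:\Tools\Procmon64.exe'
$OutDir  = Join-Path $env:TEMP 'procmon-capture'
$Stamp   = Get-Date -Format 'yyyyMMdd-HHmmss'
$Pml     = Join-Path $OutDir "capture-$Stamp.pml"
$Zip     = Join-Path $OutDir "capture-$Stamp.zip"

if (-not (Test-Path -LiteralPath $Procmon)) { throw "Procmon not found: $Procmon" }
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

# Steps 5-7: start with an empty log that is written directly to the .pml file.
# /Quiet skips the filter dialog and reuses the last saved filter, so reset
# the filter once in the GUI (step 3) before relying on this script.
$capture = Start-Process -FilePath $Procmon -PassThru -ArgumentList @(
    '/AcceptEula', '/Quiet', '/Minimized', '/BackingFile', "`"$Pml`"")

# Block until the capturing instance is ready to accept commands.
Start-Process -FilePath $Procmon -ArgumentList '/AcceptEula', '/WaitForIdle' -Wait

# Step 8: reproduce the error, then stop at once to keep the file small.
Read-Host 'Logging is running. Reproduce the problem, then press Enter to stop' | Out-Null

# /Terminate stops all running ProcMon instances; wait for the capturing
# one to exit before touching the log file.
Start-Process -FilePath $Procmon -ArgumentList '/Terminate' -Wait
$capture.WaitForExit()

if (-not (Test-Path -LiteralPath $Pml)) { throw "No log was written to $Pml" }

# Step 10: compress the log and print a SHA-256 of the archive.
Compress-Archive -LiteralPath $Pml -DestinationPath $Zip
Get-FileHash -LiteralPath $Zip -Algorithm SHA256 | Format-List Path, Hash
```

The printed SHA-256 lets the recipient confirm that the archive arrived intact. The trace records file, registry and process activity for the whole machine, so treat the archive as sensitive when sending it.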