How to collect Process Monitor logs
Latest update: August 10, 2023
ID: 10935
Download the Process Monitor tool archive for your operating system and extract the files from it.
Make sure that the current user account has administrator rights.
Collecting a system events log
- Close all unused applications.
- Run Procmon.exe. Logging will start automatically.
- Minimize Process Monitor and reproduce the issue.
- Maximize Process Monitor and proceed to File → Capture Events. Event logging will stop.
- Go to File → Save.
- Select All Events in the Events to save section. Specify the path where the logs should be saved, then click OK.
Writing a system events log into a file
- Run Procmon.exe and select File → Capture Events. Event logging will stop.
- Proceed to File → Backing Files.
- Select Use file named and specify the full path, including the file name, where the logs will be stored (for example, C:\logs\temp). Click OK.
- Click OK.
- Restart Process Monitor. Logs will start being written into the file.
- To stop logging, select File → Capture Events.
- Close Process Monitor.
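The same capture-to-file procedure can be scripted with Process Monitor's command-line switches. This is an added example, not part of the original article; the extraction folder C:\Tools\ProcessMonitor and the .pml extension on the log name are assumptions.

```powershell
# Added example: scripted equivalent of "Writing a system events log into a file".
# Assumed paths; change them to match where you extracted the archive.
$Procmon = 'C:\Tools\ProcessMonitor\Procmon.exe'   # assumed extraction folder
$LogFile = 'C:\logs\temp.pml'                      # article's example path plus .pml

# The article requires administrator rights; stop early if the session is not elevated.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this script from an elevated PowerShell session.'
}
if (-not (Test-Path -LiteralPath $Procmon)) {
    throw "Procmon.exe not found at $Procmon"
}

# Make sure the target folder exists before Process Monitor tries to write to it.
$logDir = Split-Path -Path $LogFile -Parent
New-Item -ItemType Directory -Path $logDir -Force | Out-Null

# /BackingFile writes events straight to disk instead of virtual memory.
# /AcceptEula suppresses the first-run license dialog (it records acceptance).
# /Quiet skips the filter confirmation dialog; /Minimized keeps the window out of the way.
Start-Process -FilePath $Procmon -ArgumentList @(
    '/AcceptEula', '/Quiet', '/Minimized', '/BackingFile', "`"$LogFile`""
)

Read-Host 'Capture is running. Reproduce the issue, then press Enter to stop'

# /Terminate asks the running instance to stop capturing and exit cleanly,
# which flushes the backing file. Killing the process instead can corrupt the log.
Start-Process -FilePath $Procmon -ArgumentList '/Terminate' -Wait

# Give the capturing instance (Procmon.exe or Procmon64.exe) time to finish writing.
Get-Process -Name 'Procmon*' -ErrorAction SilentlyContinue |
    Wait-Process -Timeout 120 -ErrorAction SilentlyContinue

# List every .pml file that was produced so none is missed when sending the logs.
$base = [IO.Path]::GetFileNameWithoutExtension($LogFile)
$logs = Get-ChildItem -Path $logDir -Filter "$base*.pml"
if (-not $logs) { throw "No log files were written to $logDir" }
$logs | Select-Object FullName, Length, LastWriteTime
```

The resulting files record file paths, registry keys and process command lines from the whole system, so review where they are stored and who receives them.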
Collecting a boot log
- Run Procmon.exe.
- Go to Options → Enable Boot Logging.
- Click OK.
- Restart the operating system.
- Wait until the system starts (it may take up to 15 minutes) and run Procmon.exe again.
- Click Yes and save the log file.