How to collect logs of Process Monitor
Latest update: December 11, 2020
ID: 10935
Collecting a system events log
- Close all unused applications.
- Run Procmon.exe. Logging will start automatically.
- Minimize Process Monitor and reproduce the issue.
- Maximize Process Monitor and uncheck the option File -> Capture Events. Event logging will stop.
- Select the menu item File -> Save.
- Select All Events in the Events to save section. Specify the path for the logs to be saved, then click OK.
Writing a system events log into a file
- Run Procmon.exe and select File -> Capture Events. Logging will stop.
- Select File -> Backing Files.

- Select Use file named and specify the path to the folder where the logs will be stored with the file name (for example, C:\logs\temp). Click OK.

- Click OK.

- Restart Process Monitor. Logs will start being written into the file.
- To stop logging, select File -> Capture Events.
- Close Process Monitor.
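
A scripted equivalent of the backing-file procedure above, as an added example that is not part of the original article. It uses Process Monitor's command-line switches /AcceptEula, /Quiet, /Minimized, /BackingFile, /WaitForIdle and /Terminate; the Procmon.exe location, the C:\logs folder and the trace file name are assumptions.

```powershell
# Added example, not from the original article. Run from an elevated prompt.
# Assumed values: Procmon.exe location, C:\logs folder, trace file name.
param(
    [string]$Procmon = '.\Procmon.exe',
    [string]$LogDir  = 'C:\logs'
)
$ErrorActionPreference = 'Stop'

$Procmon = (Resolve-Path $Procmon).Path          # fails early if the tool is missing
New-Item -ItemType Directory -Path $LogDir -Force | Out-Null
$stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
$pml   = Join-Path $LogDir "trace-$stamp.pml"

# /BackingFile: write events to the named file (the "Use file named" option).
# /Quiet skips the filter dialog; /Minimized keeps the window out of the way.
Start-Process -FilePath $Procmon -ArgumentList @(
    '/AcceptEula', '/Quiet', '/Minimized', '/BackingFile', "`"$pml`"")

# A second invocation returns once the first instance is up and capturing.
Start-Process -FilePath $Procmon -ArgumentList '/WaitForIdle' -Wait

Read-Host "Capturing to $pml. Reproduce the issue, then press Enter to stop" | Out-Null

# /Terminate stops every running Process Monitor instance and exits.
Start-Process -FilePath $Procmon -ArgumentList '/Terminate' -Wait

# Record size and SHA-256 so the file can be verified after it is handed over.
# The wildcard also picks up extra files if the trace was split.
Get-ChildItem -Path $LogDir -Filter "trace-$stamp*.pml" | ForEach-Object {
    [pscustomobject]@{
        File   = $_.FullName
        SizeMB = [math]::Round($_.Length / 1MB, 1)
        SHA256 = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
    }
} | Format-List
```

The resulting PML file records file paths, registry activity and process command lines from the whole system, so store and transfer it as sensitive data.
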
Collecting a boot log
- Run Procmon.exe.
- Select Options -> Enable Boot Logging.
- Click OK.
- Restart the operating system.
- Wait until the system starts (it may take up to 15 minutes) and run Procmon.exe again.
- Click Yes and save the log file.