How to collect logs of Process Monitor
Latest update: May 31, 2024
ID: 10935
Download the archive containing the Process Monitor tool for your operating system and extract the files from it:
Make sure that the current user account has administrator rights.
Collecting system events logs
- Close all unused applications.
- Run Procmon.exe. Log collection will start automatically.
- Minimize Process Monitor and reproduce the issue.
- Maximize Process Monitor and proceed to File → Capture Events. Event log collection will stop.
- Go to File → Save.
- Select All Events in the Events to save block. Specify the path for the logs to be saved, then click OK.
Writing a system events log into a file
- Run Procmon.exe and select File → Capture Events. Event log collection will stop.
- Proceed to File → Backing Files.
- Select Use file named and specify the path to the folder where the logs will be stored with the file name (for example, C:\logs\temp). Click OK.
- Click OK.
- Restart Process Monitor. Logs will start being written to a file.
- Minimize Process Monitor and reproduce the issue.
- To stop logging, select File → Capture Events.
- Close Process Monitor.
Collecting a boot log
- Run Procmon.exe.
- Go to Options → Enable Boot Logging.
- Click OK.
- Restart the operating system.
- Wait until the system is fully booted (may take 5—15 minutes) and run Procmon.exe again.
- Click Yes and save the log file.
