
Process Monitor (ProcMon) is the go-to utility for capturing system events such as file system or registry access. It is very useful when you need to collect information from your system for troubleshooting purposes. More often than not, vendors like Microsoft or Citrix ask you to upload a trace file created with ProcMon to enable them to assist you with troubleshooting.

However, some problems are not easy to reproduce and are therefore difficult to capture with Process Monitor. ProcMon can capture a lot of data, but in the process it creates large log files.

Leaving ProcMon running for an extended period of time will fill up your disk very soon, especially if it is run in a XenApp environment with dozens of users working on the same machine. One thing Process Monitor does not do is circular tracing. Circular tracing (or circular logging) works by overwriting old events with new events, which keeps the log file at a given size. I have written a script that adds this functionality to Process Monitor. It allows you to specify how many log files you would like to keep and how many seconds you want to capture in each log file. 6 log files, each containing 5 minutes (300 seconds) of past events, will allow you to keep the required disk space to a minimum while having 30 minutes to react and stop the trace once the error appears. ProcMon files grow big pretty fast, but they can be compressed easily. My script will automatically compress past log files to further limit the disk space required before they are rolled over.

```powershell
$Logfile = $LogPath+"\Logfile_"+$Counter+".pml"
$Zipfile = $LogPath+"\Logfile_"+$Counter+".zip"
$ProcMonParameters = "/Backingfile $Logfile /AcceptEula /Minimized /Quiet"
# Remove old compressed log files to enable roll over
Start-process $LogPath\procmon.exe $ProcMonParameters
```
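
A circular-tracing loop of the kind described above, as an added example that is not the author's script. It assumes procmon.exe sits in `$LogPath` and reuses the page's `Logfile_<n>.pml` / `.zip` naming; the parameter names `$MaxFiles` and `$SecondsPerFile`, their defaults, and the folder `C:\ProcMonTrace` are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example, not the author's script. Parameter names and defaults are assumptions.
param(
    [string]$LogPath = 'C:\ProcMonTrace',             # assumed folder that also holds procmon.exe
    [ValidateRange(2, 1000)][int]$MaxFiles = 6,       # log slots kept before roll over
    [ValidateRange(1, 86400)][int]$SecondsPerFile = 300  # seconds captured per slot
)

$ProcMon = Join-Path $LogPath 'procmon.exe'
if (-not (Test-Path $ProcMon)) { throw "procmon.exe not found in $LogPath" }

$Counter  = 0
$Previous = $null   # finished .pml that still has to be compressed
try {
    while ($true) {
        $Logfile = Join-Path $LogPath "Logfile_$Counter.pml"
        $Zipfile = Join-Path $LogPath "Logfile_$Counter.zip"

        # Remove whatever is left in this slot to enable roll over
        Remove-Item $Logfile, $Zipfile -Force -ErrorAction SilentlyContinue

        $ProcMonParameters = "/BackingFile `"$Logfile`" /AcceptEula /Minimized /Quiet"
        Start-Process $ProcMon $ProcMonParameters

        # Compress the previous slot while the new capture is already running,
        # so the only uncaptured window is the restart of ProcMon itself
        if ($Previous) {
            # Compress-Archive cannot handle files larger than 2 GB
            $PreviousZip = $Previous -replace '\.pml$', '.zip'
            Compress-Archive -Path $Previous -DestinationPath $PreviousZip -Force
            Remove-Item $Previous -Force
        }

        Start-Sleep -Seconds $SecondsPerFile

        # Ask the running instance to stop, then wait until it has exited
        Start-Process $ProcMon '/Terminate' -Wait
        Get-Process -Name 'Procmon*' -ErrorAction SilentlyContinue |
            Wait-Process -Timeout 60 -ErrorAction SilentlyContinue

        $Previous = $Logfile
        $Counter  = ($Counter + 1) % $MaxFiles
    }
}
finally {
    # Ctrl+C lands here: stop ProcMon; the newest slot stays as an uncompressed .pml
    Start-Process $ProcMon '/Terminate' -Wait
}
```

The traces record file, registry and process activity for every user on the machine, so keep `$LogPath` readable by administrators only.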
