Charlie_Melega
asked on
Automating ProcMon from SysInternals
Hello,
I am looking to use ProcMon to monitor a single process for all File System, Network, Process\Thread and Profiling Events activity. (Registry activity would be an overwhelming amount of data)
I would like to run ProcMon in this manner against a single process entirely in the background. Ideally, I would like to close and then export the data captured on a periodic basis, then continue monitoring for a short time period and then export, etc., and the loop continues. I am trying to minimize as much as possible the possibility of killing or even affecting the system I am running ProcMon on. Thanks for any feedback on how I can automate this in a transparent manner.
Run from the command prompt
>procmon /?
You will see the options are unfortunately limited :(
ASKER
One last question on this, how is a ProcMon config file created?
ASKER
disregard, I just exported the current configuration to a pmc file and will use it in the command line syntax provided. I will say that these files grow very large, very quickly. It's understandable based on the data captured, but I need to pare this down a bit and also build a script that will delete the folder's contents of the backing files so that there are no more than 2 at a given time. After the 2nd file closes, I need to delete both and start with the original file name and loop this process.
ASKER
Thanks Govvy. Based on this, how often would the process data I capture be saved to the "BackingFile"? Is there a specific file size limit for this type of BackingFile, and would another file be opened and incremented? I am trying to continuously write this data. The file, with the specific process data written, would be closed and a new one opened based on a file size or time limit. Thanks again.
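The loop the asker describes (capture in the background, close and export periodically, keep only the two newest backing files) can be driven entirely from the documented Procmon switches that `procmon /?` lists: `/AcceptEula`, `/Quiet`, `/Minimized`, `/BackingFile`, `/LoadConfig`, `/Runtime`, `/OpenLog`, `/SaveAs` and `/Terminate`. The PowerShell script below is an added example written for this thread, not code from the thread or from Sysinternals. It assumes a Procmon path, an output folder, a five-minute window and a `filter.pmc` that was exported from the GUI with the process filter set and Filter > Drop Filtered Events enabled; without that last setting the filter only hides events in the display and the backing file still records every process on the box, which is why the files grow so fast. Rotation here is by time (`/Runtime`), not by file size.

```powershell
# Added example (not from the thread): capture one process with Procmon in
# fixed-length windows, export each window to CSV, and keep only the newest
# backing files. Every path and interval below is an assumption.
param(
    [string]$Procmon     = 'C:\Tools\Procmon.exe',  # assumption: Sysinternals Procmon location
    [string]$Config      = 'C:\Tools\filter.pmc',   # assumption: exported via File > Export Configuration,
                                                    #   process filter set, Drop Filtered Events enabled
    [string]$OutDir      = 'C:\ProcmonLogs',        # assumption: where the .pml/.csv files land
    [int]   $IntervalSec = 300,                     # assumption: length of each capture window
    [int]   $Keep        = 2                        # keep at most this many backing files on disk
)

$ErrorActionPreference = 'Stop'
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

function Invoke-Procmon {
    # Procmon.exe is a GUI program and hands control back to the console at once;
    # Start-Process -Wait blocks until it and the 64-bit child it spawns have exited.
    param([string[]]$Arguments)
    Start-Process -FilePath $Procmon -ArgumentList $Arguments -Wait -WindowStyle Hidden
}

try {
    while ($true) {
        $stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
        $pml   = Join-Path $OutDir "capture-$stamp.pml"
        $csv   = Join-Path $OutDir "capture-$stamp.csv"

        # One capture window:
        #   /AcceptEula  - no licence prompt on first run
        #   /Quiet       - do not show the filter dialog at start
        #   /Minimized   - start minimised, nothing in the foreground
        #   /BackingFile - store events in this .pml instead of the paging file
        #   /LoadConfig  - apply the exported filter (and its Drop Filtered Events setting)
        #   /Runtime     - stop capturing and exit after this many seconds
        Invoke-Procmon @('/AcceptEula', '/Quiet', '/Minimized',
                         '/BackingFile', "`"$pml`"",
                         '/LoadConfig',  "`"$Config`"",
                         '/Runtime',     $IntervalSec)

        # Export the closed window: /OpenLog loads the .pml, /SaveAs writes it in the
        # format chosen by the extension (.csv here) and Procmon exits when done.
        Invoke-Procmon @('/AcceptEula', '/OpenLog', "`"$pml`"", '/SaveAs', "`"$csv`"")

        # Retention: delete everything but the newest $Keep backing files (and their CSVs).
        Get-ChildItem -Path $OutDir -Filter 'capture-*.pml' |
            Sort-Object LastWriteTime -Descending |
            Select-Object -Skip $Keep |
            ForEach-Object {
                Remove-Item -LiteralPath $_.FullName -Force
                $oldCsv = [IO.Path]::ChangeExtension($_.FullName, '.csv')
                Remove-Item -LiteralPath $oldCsv -Force -ErrorAction SilentlyContinue
            }
    }
}
finally {
    # Ctrl+C or an error: make sure no Procmon instance is left capturing in the background.
    Start-Process -FilePath $Procmon -ArgumentList '/Terminate' -Wait -WindowStyle Hidden
}
```

Two practical notes. Procmon writes to the backing file as events arrive, so the `.pml` is complete the moment the `/Runtime` window ends; there is nothing to flush. And because each window is a fresh Procmon launch, the filter driver is loaded and unloaded once per interval, so keep `$IntervalSec` in minutes rather than seconds if the goal is to stay unobtrusive on the monitored host.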