{"id":112887,"date":"2024-07-12T15:57:38","date_gmt":"2024-07-12T19:57:38","guid":{"rendered":"https:\/\/jumpcloud.com\/?post_type=support&p=112887"},"modified":"2024-08-01T10:27:51","modified_gmt":"2024-08-01T14:27:51","slug":"capture-windows-logs-using-process-monitor","status":"publish","type":"support","link":"https:\/\/jumpcloud.com\/support\/capture-windows-logs-using-process-monitor","title":{"rendered":"Capture Windows Logs Using Process Monitor"},"content":{"rendered":"\n

When troubleshooting issues on Windows devices, JumpCloud Support may need additional data that resides outside of the JumpCloud agent and Event logs. To determine if an external process is interfering with JumpCloud Agent functionality, a Support Engineer may ask you for a Process Monitor capture.

What is Process Monitor?

Process Monitor (Procmon) is a powerful monitoring tool for Windows operating systems. It lets you closely observe the activities occurring in real time on your device. Process Monitor captures and displays detailed information about processes, threads, file system activity, registry changes, network activity, and more. This comprehensive visibility helps when troubleshooting software issues by providing insights into background program activity.

Downloading Process Monitor

Process Monitor can be found on Microsoft's SysInternals website. See ProcMon Download.

Capturing a Process Monitor Log

To capture a log in Process Monitor:

  1. Log in to the Windows device using an account with administrative privileges.
  2. Run Procmon.exe as administrator.
  3. Process Monitor begins logging the moment it starts running, but a clean capture is recommended. To stop capturing, click Capture.
  4. Clear all previously recorded events by clicking Clear.
  5. When you’re ready to recreate the issue or scenario, click Capture to begin logging.
  6. Once you’ve recreated the issue or scenario, click Capture to stop logging.
  7. Save the Process Monitor log by going to File > Save.
  8. Compress and archive (zip) the PML file.
  9. Send the log to your JumpCloud Support Engineer for further review.

Capturing a Boot Process Monitor Log

You may need to troubleshoot an issue related to your boot process, which requires additional configuration in Process Monitor.

To enable boot logging in Process Monitor:

  1. Follow steps 1-4 in the previous section to launch Procmon, stop the default capture, and clear any previously recorded events.
  2. Go to Options > Enable Boot Logging.
  3. The Boot Logging Options window appears. Choose the following options:
      • Select Generate profiling events.
      • Select Every second.
  4. Reboot the device and recreate the issue.
  5. Log in to the Windows device. When at the desktop, run Procmon.exe.
  6. The Process Monitor dialogue box appears. Click Yes and save the log file.
  7. Close Process Monitor.
  8. Compress and archive (zip) the PML file.
  9. Send the log to your JumpCloud Support Engineer for further review.","protected":false},"excerpt":{"rendered":"

","protected":false},"author":218,"coauthors":[3011],"yoast_head_json":{"twitter_misc":{"Written by":"nickconrad"}}}