Is there a way to rotate backing files? RRS feed

  • Question

  • Hello, I am trying to troubleshoot a problem that occasionally causes the servers I manage to "lock up". I'm hoping to use ProcMon to generate some data about what's going on with the system just before this happens, because we're not getting any clues from event logs and it's been happening to various servers seemingly at random. Because of this random quality, I need to run ProcMon on a server and then wait/hope for a lockup to happen, and I need to solve the problem of not having infinite storage for all the logs being generated. When I run ProcMon on a 2012 R2 server with a backing file and otherwise default settings (because I don't yet know what I'm looking for to narrow things down), it can fill a 40GB hard disk in about an hour and a half. This would be fine if I could delete or overwrite the old log files and maintain a time window, but instead ProcMon stops logging and shows a "disk full" error. I don't see a setting to tell ProcMon to discard or overwrite old files. I tried reducing the event buffer to 70 million events, which solves the filling-the-hard-disk problem but causes ProcMon to crash instead of drop old log files and keep going. Is there a way to have ProcMon write backing files on a rotation basis? Is there another tool out there that might do what I'm looking for? TIA

    Thursday, February 20, 2020 4:38 PM


All replies