History Depth Functionality

  • Question

  • Within our current environment we are experiencing variable results with History Depth.

    Essentially, it appears history depth only works upon termination of process. Logs are not rotating until we close procmon. The version immediately prior to current version appears to work most of the time; however, still experiences the problem occasionally.

    2012 version of procmon appears to work in a legacy environment; however, would prefer not to use this version in current environment.

    Current scripts utilize task scheduler and .bat to execute. Whenever we perform the same actions with previous version it will work, until process is terminated and restarted. At this point we experience variable functionality.

    When we perform these actions with the current version, logs never rotate until procmon is terminated.

    The desired end result is a scheduled task to execute .bat file to perform procmon at every reboot with a templated config file which will rotate logs at a rate that has been established as safe for our current environment. The purpose is so that we can deploy the script/procmon to any end user experiencing the problem and procmon will run continuously in the background until the user experiences the problem, they can then zip their .pmls and send them to us for analysis and not worry about drive space.

    Any help you can provide with this issue would be greatly appreciated and if you think we be performing a portion of our scripted functions, please by all means point it out. Can and will provide scripts on request.

     
    Tuesday, September 29, 2020 6:44 PM

All replies

  • Can you please elaborate a little bit more on your problem? What exactly is your problem with the history depth?

    I generally use these two cmds and run them remotely on the user's machine when needed:

    REM *****startpmon.cmd*****
    set PMExe="C:\temp\Procmon.exe"
    set PMHide=/Quiet /Minimized /AcceptEula
    set PMCfg=/LoadConfig C:\TEMP\application.pmc
    set PMFile=/BackingFile C:\temp\application.pml
    start "" %PMExe% %PMFile% %PMCfg% %PMHide%
    %PMExe% /WaitForIdle

    REM *****Stop.cmd*****
    set PMExe="C:\temp\Procmon.exe"
    %PMExe% /Terminate
    REM *****Reset Using Paging File for next usage…
    start "" %PMExe% /PagingFile /NoConnect /minimized /quiet
    %PMExe% /waitforidle
    %PMExe% /Terminate

    To run them remotely:

    psexec \\remotepc -s c:\temp\startpmon.cmd
    psexec \\remotepc -s c:\temp\stop.cmd

    HTH
    -mario

    Wednesday, September 30, 2020 8:41 AM