Track Application Start/End Log
Hello, I like to organize the following log information.
A: any executables (.exe files) start
B: any executables termination
When I navigate on the left pane of Event Viewer to Application, I see some apps are saying something but don't see when they were launched or closed. Any information would be appreciated. Thank you.
August 29th, 2010 10:40pm

You can run ProcessMonitor [1] in background to trace this information.
André
[1] http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx
"A programmer is just a tool which converts caffeine into code" CLIP- Stellvertreter http://www.winvistaside.de/
August 30th, 2010 12:56am

Hi, André. Thank you for the reply. Is Process Monitor suitable for checking running applications just before an unexpected shutdown? I googled how to use it and found this article helpful. I followed what it says and could save the output. However, I still cannot find a way to save the log automatically like Event Viewer does. It seems I have to choose "Save" every time I need a log file. In that case, I cannot detect running processes right before a BSOD.

The help file of Process Monitor says something about it:

Logging
By default, Process Monitor uses virtual memory to store captured data. Use the Backing Files dialog, which you access from the File menu, to configure Process Monitor to store captured data in files on disk. Enabling this option has Process Monitor log data to the disk in its native PML format as it captures it.

So, I selected Backing Files... (Control+B) from the File menu, chose "use file named:", typed the log file name, and pressed OK. The result is over 300 MB of files created in a short period of time. I think I'm doing it wrong. Also, when I try to open those huge files I get this error:

---------------------------
Process Monitor
---------------------------
Invalid argument: D:\logfiles\PMLogFile20100830.PML
---------------------------
OK
---------------------------

The current filter I added to the default is:

Column         Relation    Value          Action
---------------------------------------------------
Process Name   ends with   .exe           Include
Operation      is          Thread Exit    Exclude
Operation      is          Thread Create  Exclude
Operation      is          Load Image     Exclude
August 30th, 2010 4:10pm

ProcessExplorer has an option to write the data to a file. Check this.
August 30th, 2010 5:27pm

"ProcessExplorer has an option to write the data to a file. Check this."

Have you tried it by yourself? I just ran it overnight and it created 21GB of PML files which even Process Monitor does not resume when it is relaunched. This means I cannot refer to the log file and even get less space on the hard drive. If you are using it, could you give some more details to create and open a log file?
August 31st, 2010 1:59am

You can use filters in Process Monitor and then capture events to achieve this. For more information, please refer to this article: How to Use Process Monitor to Track Events and Generate a Log File

Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

If the issue persists, you can post a question on Process Monitor Forum directly for assistance.

Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
August 31st, 2010 11:30am

Linda Yan wrote: "You can use filters in Process Monitor and then capture events to achieve this. For more information, please refer to this article: How to Use Process Monitor to Track Events and Generate a Log File"

Please look at my second post (my first reply of this thread). I've shown I have tried using filters and also even the link you pasted is what I posted. It is hard to believe a moderator can do such a manner. So can I understand the default Windows 7 cannot track application's open/close log?
August 31st, 2010 12:08pm

OK, it seems Windows 7 is not capable of doing it by default. Process Monitor just creates huge log files and is not good for long-term monitoring either. I found a good tool for my need. This solves my problem: New Process Notifier. Thanks.
September 4th, 2010 4:47pm
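
Added example, not part of the original thread: one way to get process start and exit records written to the Event Viewer Security log automatically is to enable the Detailed Tracking audit subcategories (off by default on Windows 7) and read back event IDs 4688 (process created) and 4689 (process exited). The function names and the CSV output path are assumptions made for this example, and it must run from an elevated PowerShell prompt.

```powershell
# Added example (not from the thread). Requires an elevated prompt.
# Subcategory names are the English ones; they are localized on other UI languages.
auditpol /set /subcategory:"Process Creation"    /success:enable | Out-Null
auditpol /set /subcategory:"Process Termination" /success:enable | Out-Null

# Hypothetical helper: read one named <Data> field from an event's XML.
function Get-EventField {
    param([xml]$Xml, [string]$Name)
    ($Xml.Event.EventData.Data | Where-Object { $_.Name -eq $Name }).'#text'
}

# Hypothetical helper: list process starts (4688) and exits (4689) since $Since.
function Get-ProcessLifetimeLog {
    param([datetime]$Since = (Get-Date).AddHours(-24))

    $filter = @{ LogName = 'Security'; Id = 4688, 4689; StartTime = $Since }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Sort-Object TimeCreated |
        ForEach-Object {
            $xml = [xml]$_.ToXml()
            if ($_.Id -eq 4688) {
                $action = 'Start'
                $hexPid = Get-EventField $xml 'NewProcessId'
                $image  = Get-EventField $xml 'NewProcessName'
            } else {
                $action = 'Exit'
                $hexPid = Get-EventField $xml 'ProcessId'
                $image  = Get-EventField $xml 'ProcessName'
            }
            New-Object PSObject -Property @{
                Time      = $_.TimeCreated
                Action    = $action
                ProcessId = [Convert]::ToInt32($hexPid, 16)  # logged as hex, e.g. 0x1a4
                Image     = $image
                User      = Get-EventField $xml 'SubjectUserName'
            }
        } |
        Where-Object { $_.Image -like '*.exe' } |
        Select-Object Time, Action, ProcessId, Image, User
}

# Assumed output location for this example; adjust as needed.
Get-ProcessLifetimeLog -Since (Get-Date).AddHours(-2) |
    Export-Csv -Path "$env:TEMP\process-lifetime.csv" -NoTypeInformation
```

Because the records are kept by the Windows event log service rather than by a capture tool, the Security log's size limit in Event Viewer determines how far back the history reaches.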

This topic is archived. No further replies will be accepted.
