Setting procmon to put logs in the TEMP folder

  • Article

One of the testers on the team assigned a bug to me that concerns a test tool we use regularly. Specifically, we run procmon (from Sysinternals) to track basic information about OneNote. The logs that we generate can get fairly large after a day or so of running - think 6-12GB or so - and due to some tools we have that install Windows and Office for us, it was becoming possible to fill up a hard drive during an automation run.

The way I had originally written the startup routine for procmon was to save all the logs to the c:\ drive ( a hardcoded location. Experienced testers will know that something about "hard coded" anything is bound to create problems, and in this case, those testers will be proven correct). This was a "down and dirty" quick attempt at getting the logs saved for our runs. The problems started to come in with the tool we use to install Windows. That tool installs Windows to the d:\ drive, and leaves a relatively small disk size on the c: drive. So I was pointing procmon to a location that would very possibly get filled very quickly, and then we would lose logs (among other problems).

Fortunately, procmon has command line support (documented in its help file) for redirecting the log file. I changed our startup batch file to include the new location (Windows TEMP folder), like this:

start %PM% /LoadConfig \\servername\filterfilelocation\procmon\onenote.pmc /Backingfile %TEMP%\onenote.pml /quiet /minimized

In a file that had already defined %PM% to point to the procmon executable.

I was not quite done, though. At the end of the automation run, I had a prompt to the user to remind her where the logs were stored that needed to be updated (just change a string to mention the logs were in the TEMP folder now).  I also changed one other tool to use the Environment variable that points to the TEMP folder so it could find the new location for the procmon logs:

string pathToTemp = System.IO.Path.GetTempPath();
var fileList = from file in

Directory.EnumerateFiles(@"c:\", "onenote*.pml")
Directory.EnumerateFiles(pathToTemp, "onenote*.pml")
select file;

Which is used to do some post processing of the files.

A quick code review later and this is now checked in.

Questions, comments, concerns and criticisms always welcome,
John