From time to time it might be necessary to record process activities from Enterprise Vault modules. This will be described below using the NativeFormat as an example.
Obtaining Process Monitor
Process Monitor can be downloaded from the following link: http://technet.microsoft.com/en-gb/sysinternals/bb896645.aspx
It is a zip file and should be unzipped to a temporary folder on the server hosting the modules that need to be monitored.
Launching Process Monitor
To launch Process Monitor, simply double-click procmon.exe.
By default, when Process Monitor launches it starts capturing everything from every process on the system. It is best to click on the ‘Capture’ icon on the toolbar to stop the data capture whilst the initial configuration is done.
Note: Process Monitor remembers the configuration changes between successive launches of the application, so it is usually only necessary to do the step above once.
Configuring Process Monitor to Capture Module Related Data
To configure Process Monitor to capture data just for one process, in this case ArchiveShuttle.Module.NativeFormatImport.exe, start by clicking on the ‘Filter’ button on the toolbar.
Choose ‘Image Path’ in the filter dialog, and then in the drop-down list select the executable ArchiveShuttle.Module.NativeFormatImport.exe. Note: You may need to make the filter box bigger in order to see the full folder and file names (there is a corner that you can drag on the dialog to make it bigger).
Once the executable has been selected in the image path, click ‘Add’ to add it to the already defined filter.
Additional modules can be added at this time. Additional filters can also be added, for example to show only events where ‘Operation’ is WriteFile.
Let the Data Capture Run
The next step is to let the data capture run for a while. Turn data capture back on by clicking on the ‘Capture’ icon on the toolbar. The display should soon show lots of lines of activity.
Sending the Data in for Review
Once the data capture has run for some time, the data can be saved to file. It is recommended to save the file in Native Process Monitor Format. This will mean that the file can be easily reviewed using Process Monitor by Quadrotech Support staff.
The log file can get quite big if data capture is configured for many processes or left to run for a period of time. It is recommended to work with the Quadrotech Customer Experience Team to ensure a ‘good’ capture is obtained, and this is often an iterative process.
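Because the log file grows quickly, the capture can also be run from PowerShell for a fixed length of time and written straight to a native-format file. The script below is an added example, not part of the original instructions or a Quadrotech tool; the folder, file name, duration and free-space threshold are assumed values, and it relies on the filter having already been set up once in the Process Monitor window as described above.

```powershell
#Requires -RunAsAdministrator
# Added example: time-boxed Process Monitor capture saved in native (PML) format.
# Assumed values, not from the original page: folder, file name, duration, threshold.
$procmonDir = 'C:\Temp\ProcessMonitor'   # assumed folder where the zip was extracted
$procmon    = Join-Path $procmonDir 'procmon.exe'
$seconds    = 300                        # assumed capture length in seconds
$minFreeGB  = 5                          # assumed minimum free space before starting
$stamp      = Get-Date -Format 'yyyyMMdd-HHmmss'
$log        = Join-Path $procmonDir "NativeFormatImport-$stamp.pml"

if (-not (Test-Path -LiteralPath $procmon)) {
    throw "procmon.exe not found in $procmonDir"
}

# Refuse to start when the target drive is short on space.
$drive  = (Get-Item -LiteralPath $procmonDir).PSDrive
$freeGB = [math]::Round($drive.Free / 1GB, 1)
if ($freeGB -lt $minFreeGB) {
    throw "Only $freeGB GB free on $($drive.Name): - free up space before capturing"
}

# /BackingFile writes events directly to the PML file instead of virtual memory.
# /Runtime ends the capture and exits Process Monitor after the given seconds.
# /Quiet skips the filter confirmation dialog, so the remembered filter is used.
# Events excluded by the filter are still written to the file unless
# 'Drop Filtered Events' is ticked in the Filter menu.
$procmonArgs = @('/AcceptEula', '/Quiet', '/Minimized',
                 '/BackingFile', "`"$log`"",
                 '/Runtime', "$seconds")
Start-Process -FilePath $procmon -ArgumentList $procmonArgs -Wait

# Report size and SHA-256 so the file received by support can be checked
# against the one that was captured.
$file = Get-Item -LiteralPath $log
$hash = Get-FileHash -LiteralPath $log -Algorithm SHA256
[pscustomobject]@{
    File   = $file.FullName
    SizeMB = [math]::Round($file.Length / 1MB, 1)
    SHA256 = $hash.Hash
}
```

Run it from an elevated PowerShell prompt on the server hosting the module while the activity of interest is taking place.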