How do I use Sysinternals Process Monitor to capture system calls that SiteMinder is making?

Article ID: 100775


Products

CA Single Sign On Secure Proxy Server (SiteMinder)
CA Single Sign On SOA Security Manager (SiteMinder)
CA Single Sign-On

Issue/Introduction

This article explains how to use Sysinternals Process Monitor to capture the system calls that a SiteMinder process is making.


Environment

Windows

Resolution

First, download the Process Monitor package from the Microsoft website:

https://docs.microsoft.com/en-us/sysinternals/downloads/procmon

The download is a ZIP archive, so extract it to a folder. That folder contains an .exe file called Procmon.exe, which is the program we will use. Double-click it to open the application.

The application should open and show a Process Monitor Filter window.
Click the first drop-down menu and select "Process Name".
Process Name is the name of the process as shown in Task Manager.

NOTE: SiteMinder can run under many different process names. A list of names can be found below in the Additional Information section.

Make sure the second drop-down menu is set to "contains".
Enter the name of the process that you want to monitor.
Make sure the last drop-down menu says "Include".
Click the Add button and then click OK.
Process Monitor will start capturing the system calls that the OS is processing. If the Process Name (or other filter that you set up) is correct and the process is running, you will start to see the system calls that the process is making.

To save the capture, click File -> Save...
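The same capture can be scripted with Procmon's command-line switches instead of the filter dialog. This PowerShell script is an added example, not part of the original article or vendor tooling; the extract folder, output folder and 60-second duration are assumptions, and it filters the exported CSV by the process names listed under Additional Information rather than setting the GUI filter.

```powershell
# Added example. Run from an elevated PowerShell prompt.
param(
    [string]$Procmon = 'C:\Tools\ProcessMonitor\Procmon.exe',  # assumed extract folder
    [string]$OutDir  = 'C:\Temp\procmon',                      # assumed output folder
    [int]$Seconds    = 60,                                     # assumed capture length
    # Process names listed under "Additional Information" in the article.
    [string[]]$Names = @('LLAWP.exe', 'smpolicysrv.exe', 'tomcat.exe',
                         'java.exe', 'httpd.exe', 'service_monsrvr.exe')
)

$ErrorActionPreference = 'Stop'
New-Item -ItemType Directory -Force -Path $OutDir | Out-Null
$pml = Join-Path $OutDir 'siteminder.pml'
$csv = Join-Path $OutDir 'siteminder.csv'

# 1. Capture every process to a backing file for $Seconds, then exit.
#    /Quiet suppresses the filter dialog; /Runtime stops the capture.
Start-Process -FilePath $Procmon -Wait -ArgumentList @(
    '/AcceptEula', '/Quiet', '/Minimized',
    '/BackingFile', "`"$pml`"", '/Runtime', $Seconds)

# 2. Convert the native .pml log to CSV so it can be filtered in PowerShell.
Start-Process -FilePath $Procmon -Wait -ArgumentList @(
    '/AcceptEula', '/OpenLog', "`"$pml`"", '/SaveAs', "`"$csv`"")

# 3. Apply the same "Process Name contains <name>" test as the GUI filter.
#    Column names are Procmon's default CSV columns.
$events = Import-Csv -Path $csv | Where-Object {
    $proc = $_.'Process Name'
    $Names | Where-Object { $proc -like "*$_*" }
}

# java.exe and httpd.exe are generic names: confirm the PID belongs to
# the SiteMinder component before drawing conclusions from its events.
$events | Group-Object 'Process Name', PID, Operation |
    Sort-Object Count -Descending |
    Select-Object Count, Name -First 25 |
    Format-Table -AutoSize

# Keep only the matching events for attaching to a support case.
$events | Export-Csv -Path (Join-Path $OutDir 'siteminder-filtered.csv') -NoTypeInformation
```

The unfiltered .pml and .csv files record activity from every process on the host, so review or delete them before sharing the filtered output.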

Additional Information

Agent:
LLAWP.exe

Policy Server:
smpolicysrv.exe

Access Gateway:
LLAWP.exe
tomcat.exe
java.exe
httpd.exe

OneView Monitor Client:
service_monsrvr.exe