Carbon Black Cloud: How to Setup Circular Logging on Procmon

Article ID: 290404

Products

  • Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
  • Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)

Issue/Introduction

How to limit the size of procmon files by setting up circular logging

Environment

  • Microsoft Windows: All Supported Versions

Resolution

  1. Download and install Process Monitor ( https://docs.microsoft.com/en-us/sysinternals/downloads/procmon )
  2. Open Procmon
  3. Select Options > History Depth...
  4. Select "Limit to:" and specify a file size between 200 and 500 MB as desired, e.g. Limit to 300 MB
  5. Select File > Backing Files...
  6. Select "Use file named:" and enter the desired file path and file name for the Procmon files, e.g. C:\Temp\LogFile.PML
  7. Close Procmon and reopen it when ready to begin replicating the issue
  8. Once Procmon is reopened, observe that Procmon files are automatically generated in the specified file location with the specified name prefix, e.g. C:\Temp\LogFile.PML, LogFile-1.PML, LogFile-2.PML, etc.
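
To confirm after step 8 that the backing files are being written and are not growing past what the volume can hold, the following PowerShell check can be run while Procmon is capturing. It is an added example, not part of the original article or of the Carbon Black or Sysinternals tooling; the function name Get-PmlSetSummary, the path C:\Temp\LogFile.PML (the article's sample path) and the 500 MB budget are assumptions to adjust to the values chosen in steps 4 and 6.

```powershell
# Added example: summarise the Procmon backing-file set described in step 8.
# $BackingFile and $BudgetMB are assumptions; match them to steps 6 and 4.
function Get-PmlSetSummary {
    param(
        [string]$BackingFile = 'C:\Temp\LogFile.PML',
        [int]$BudgetMB = 500
    )
    $dir  = Split-Path -Path $BackingFile -Parent
    $base = [IO.Path]::GetFileNameWithoutExtension($BackingFile)
    # Match LogFile.PML and LogFile-<n>.PML only, not unrelated files.
    $pattern = '^' + [regex]::Escape($base) + '(-(?<n>\d+))?\.pml$'

    $files = Get-ChildItem -Path $dir -Filter "$base*.PML" -File -ErrorAction Stop |
        Where-Object { $_.Name -match $pattern } |
        ForEach-Object {
            $m = [regex]::Match($_.Name, $pattern, 'IgnoreCase')
            [pscustomobject]@{
                # The unsuffixed file is treated as index 0.
                Index     = if ($m.Groups['n'].Success) { [int]$m.Groups['n'].Value } else { 0 }
                Name      = $_.Name
                SizeMB    = [math]::Round($_.Length / 1MB, 1)
                LastWrite = $_.LastWriteTime
            }
        } | Sort-Object Index

    if (-not $files) { throw "No backing files matching $base*.PML in $dir" }

    $totalMB = [math]::Round(($files | Measure-Object SizeMB -Sum).Sum, 1)
    $drive   = (Get-Item $dir).PSDrive
    [pscustomobject]@{
        Files      = $files
        TotalMB    = $totalMB
        OverBudget = $totalMB -gt $BudgetMB
        FreeGB     = [math]::Round($drive.Free / 1GB, 1)
        Newest     = ($files | Sort-Object LastWrite -Descending | Select-Object -First 1).Name
    }
}

$s = Get-PmlSetSummary
$s.Files | Format-Table -AutoSize
"{0} MB across {1} file(s); newest: {2}; free on volume: {3} GB" -f `
    $s.TotalMB, @($s.Files).Count, $s.Newest, $s.FreeGB
if ($s.OverBudget) { Write-Warning "Backing files exceed the expected size budget" }
```

Running it a few minutes apart shows whether the newest file keeps changing while the total stays roughly level.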