Home > Analysis Services, Automation, Synchronisation, Tips, Tips, Trouble Shooting, Windows Server > Automating process monitor data collection

Automating process monitor data collection

Recently I needed to investigate why SSAS synchronisation commands were intermittently failing and the errors pointed to a file lock on a SSAS data file. To identify the file lock I needed to run process monitor for as long as it takes to capture the problem even if it takes weeks or months for it to occur. This presents the following problems

  • How to prevent the process monitor capture from consuming all available disk space.
  • How to ensure we do not over write the data we are looking for.
  • How to ensure the capture stops once we have the data we are looking for.

The solution I created for this is implemented using the following logic.

  1. Run a scheduled task every x minutes that does the following.
    1. Stop any process monitor sessions already running.
    2. Move the current log file to history folder and clean out any old logs.
    3. Start a new instance of process monitor logging.
  2. Create a schedule task that is fired on a windows event and does the following
    1. Stops any running process monitor session.
    2. Prevents the scheduled task that was running process monitor from running any more.
    Following this logic I now have a rolling process monitor solution that can run for months by running two simple batch files from scheduled tasks.
    The rest of this blog will now cover the detailed steps to setup the rolling process monitor.


Preparing the solution

  1. First of all you need to download the logging.zip file that contains the batch files and folder structures from my drop box here.
  2. Extract the folder structure and files onto your server.
  3. Download process monitor from here.
  4. Copy the process monitor executable into the exe directory in the logging folder structure.
  5. Run process monitor and define any filters you require, once done goto File – Export Configuration and save it as ProcmonConfiguration.pmc in the same directory as the executable.
  6. Open each batch file and if necessary update the paths at the top of the files.
  7. Now all you need to do is create the tasks to run the batch files as detailed below.

Task scheduling

First of all you need a task that will run the process monitor and perform the rollover, the steps to create this are shown below.

  1. Pull up the task scheduler and create a new task. The first screen should be setup as below noting the 2 points in red. The account you use to run the task needs to have local admin.
  2. Next move to the triggers tab and create a schedule to run the task every x minutes where x is the duration of time you wish to elapse before you roll over the log file.
  3. Next move to the actions tab and create a new action to start a program  and populate it similarly to as shown below. You are pointing it at the Run_Procmon.bat that you downloaded earlier.clip_image002[5]
  4. Move to the settings tab and ensure you select “Run a new instance in parallel”, this allows a second instance of the batch file to run which shuts down the current running instances and performs the roll over.clip_image002

With the process monitor rollover task in place you now need a second task that will fire on a predetermined condition and stop process monitor from running any more.

    1. Repeat step 1 as before to start creation of the task, this time giving it a different name.
    2. Move to the triggers tab and this time rather than creating a schedule choose “On an event” and then select the appropriate windows event that you want to use as a trigger. Below is an example showing a trigger configured to fire when SSAS logs event ID 33 to the application log. If required you can define multiple events.     image
    3. Next move to the actions tab and create a new action to start a program  and populate it similarly to as shown below. You are pointing it at the Stop_Procmon.bat that you downloaded earlier. Note, you can also add an additional action to send you an e-mail notifying you that the event fired and process monitor has been stopped so you can review the logs.


You should now have 2 tasks configured and all you have to do is wait for the condition to be met and then review the logs to identify the culprit!


  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: