Purpose

Process Monitor logs may be required to troubleshoot a backup issue. The issue may reproduce under various conditions and is sometimes random, preventing successful manual log collection.

This article provides a set of simple Windows batch scripts that can be used to initiate Process Monitor log collection as part of a scheduled backup plan without user interaction.

Disclaimer

Process Monitor logs collection is a resource-heavy procedure. Make sure to set up the log collection carefully as incorrect usage may result in the overuse of local resources, especially disk space, resulting in potential system malfunction.

Unattended log collection assumes logs are being saved directly to files, which increases disk I/O load. To prevent potential backup/snapshot failures, we recommend saving logs to disks that are not actively utilized otherwise.

Step-by-step

Obtain the software

1. Download and unpack Procmon from Windows Sysinternals: https://docs.microsoft.com/en-us/sysinternals/downloads/procmon
2. Download the attached set of batch scripts: procmon.zip
3. Unpack the scripts and Procmon to the same folder, e.g. "D:\Procmon". Make sure that "procmon.exe" and scripts are on the same level

Scripts usage

You can modify the scripts to your liking, but remember - Windows batch script creation is out of Acronis support scope. Scripts in this article are provided as an example, any issues with modified scripts need to be analyzed by the author of the modification.

Step-by-step (example)

1. Unpack scripts and Procmon utility to "D:\Procmon" folder and create "Logs" folder inside on the device where the Agent is installed
2. Edit the backup plan that will be used for troubleshooting
3. Open the Backup options and navigate to Pre-post commands
4. Specify the following parameters:
   
   • To initiate procmon logs collection when the backup starts enable "Command before backup".
     Logs will be saved to "D:\Procmon\Logs" and procmon log will stop automatically in 5 minutes (300 seconds)

     Command or batch file	run_procmon
     Working directory	D:\Procmon
     Arguments	300 D:\Procmon\Logs
     Fail the backup	unchecked
     Do not back up until completes	unchecked

   • To stop procmon and clear logs as soon as the backup is finished enable "Command after backup".
     Procmon will stop immediately and logs will be deleted from "D:\Procmon\Logs" if the backup is successfully finished.
     This command will not trigger if the backup fails

     Command or batch file	stop_and_clear
     Working directory	D:\Procmon
     Arguments	D:\Procmon\Logs
     Fail the backup	unchecked

5. In the Backup options navigate to "Pre-post data capture commands"

6. Specify the following parameters
   

   • To stop running procmon logs collection 5 minutes after snapshot starts enable "Command before data capture"
     This command will trigger a 5-minute timeout and will terminate any running procmon afterward

     Command or batch file	stop_procmon_after
     Working directory	D:\Procmon
     Arguments	300
     Fail the backup	unchecked
     Do not back up until completes	unchecked

   • To stop running procmon immediately after snapshot finishes enable "Command after data capture"

     Command or batch file	stop_procmon
     Working directory	D:\Procmon
     Arguments
     Fail the backup	unchecked
     Do not back up until completes	unchecked

7. After making the changes click Done and save changes in the backup plan. The next scheduled backup plan will generate logs according to the options used.

Notes

• Avoid using "run_procmon.bat" without a duration - not setting duration may result in endless log collection that can only be stopped manually
• "run_procmon.bat" does not accept skipping parameters. Duration must always be first, logs folder can only be specified after a duration and timeout can only be specified after the log folder. To change this behavior scripts need to be modified
• Procmon will be running from the same user that is set as logon user for "Acronis Managed Machine Service". If this is an actual active user Procmon windows will become active (but minimized) on the desktop. If this is not an active user (e.g. Local System account) procmon processes will only be visible in Task Manager or similar utilities
• "run_procmon.bat" script must be used in order to generate any logs; other scripts serve as a method of managing the logs and running procmon for best performance
• Scripts are built to generate logs based on daily backups using the current date as the resulting log name. If you need to use the script on a backup that runs more frequently script needs to be modified, otherwise, it will re-write the existing daily log on each run
• File-level backups by default do not force snapshot creation, this option is controlled by File-level backup snapshot backup plan option. The scripts specified in pre- and post- data capture may be skipped in such backups
• "run_procmon.bat" and "del_procmon.bat" use local system date to define file names, for locales using '/' as a separator it is changed to '_' within the script
• If you're using folder names that contain spaces make sure to enclose them in double quotes
• Adapt scripts usage according to your needs, e.g.:
  • If you need to troubleshoot only the snapshot creation make sure to stop log collection on post-data capture command, you can also start procmon collection on pre-data capture command if you want to skip previous steps
  • If you know that backup fails within the first 3 minutes adjust the timeout to 180 accordingly to avoid running procmon for a longer period if the backup doesn't fail
  • If you need to keep the logs regardless of the backup failure do not utilize "stop_and_clear.bat" script in the backup plan
  • If you need to investigate an issue that happens during the backup and certainly after snapshot - you can start procmon collection on post-data capture command to reduce the resulting log size