Author: Dax1792
Subject: Different number of bootlog files
Posted: 17 July 2013 at 11:13am
The following are quotes from the Windows Sysinternals Reference Manual, which is worth buying if you are using the tools frequently.
When you enable boot logging from the Options menu, Procmon configures its drivers to run as a boot start driver that loads very early in the boot sequence at the next system startup, before most other drivers. Procmon's driver will log activity into %windir%\Procmon.PMB and it will continue logging through shutdown or until you run Procmon again. Thus, if you don't run Procmon during a boot session, you'll capture a trace of the entire boot-to-shutdown cycle. As a boot start driver, it remains loaded very late into the shutdown sequence.
Backing Files
If you choose a named file, Procmon might create additional files to keep the individual file sizes manageable. Files will have the same base name, with an incrementing number appended. As long as the files are kept in the same folder and with the same base name, Procmon will treat the file set as a single log.
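An added example, not part of the original post or the manual: a Python check that groups a folder listing into Procmon log sets by base name and reports missing segment numbers, which is useful before opening or archiving a boot trace. The `-N` suffix pattern (Bootlog.pml, Bootlog-1.pml, ...), the function names and the sample listing are assumptions.

```python
import re
from collections import defaultdict
from pathlib import Path

# Assumption: the incrementing number is appended as "-N" before the
# extension (Bootlog.pml, Bootlog-1.pml, ...). The quoted text only says
# that a number is appended to the base name.
_SEGMENT = re.compile(r"^(?P<base>.+?)(?:-(?P<n>\d+))?\.pml$", re.IGNORECASE)


def group_log_sets(filenames):
    """Map lower-cased base name -> {segment index: file name}."""
    sets = defaultdict(dict)
    for name in filenames:
        m = _SEGMENT.match(name)
        if not m:
            continue  # not a .pml segment (e.g. notes, backups)
        index = int(m.group("n")) if m.group("n") else 0  # unnumbered file is segment 0
        sets[m.group("base").lower()][index] = name
    return dict(sets)


def check_log_set(segments):
    """Return (files in segment order, missing segment indices) for one set."""
    highest = max(segments)
    missing = [i for i in range(highest + 1) if i not in segments]
    ordered = [segments[i] for i in sorted(segments)]
    return ordered, missing


def audit_folder(folder):
    """Run the check over every log set found directly inside one folder."""
    names = [p.name for p in Path(folder).iterdir() if p.is_file()]
    return {base: check_log_set(seg) for base, seg in group_log_sets(names).items()}


# Constructed sample listing: segment 2 of the Bootlog set is absent.
SAMPLE = ["Bootlog.pml", "Bootlog-1.pml", "Bootlog-3.pml",
          "trace.pml", "notes.txt", "BOOTLOG-2.PML.bak"]

if __name__ == "__main__":
    for base, seg in group_log_sets(SAMPLE).items():
        files, missing = check_log_set(seg)
        print(base, files, "missing:", missing or "none")
```

A gap in the numbering means the set in that folder is incomplete, so any analysis of it would cover only part of the boot-to-shutdown trace.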