Configure Windows Event Log to Collect Memory Dump

In this article, we will look at configuring the Windows event log to collect a memory dump when an error or warning occurs. Event Viewer has a built-in feature for attaching a task that fires when a specific event occurs. Let's walk through an example. Open the Windows Event Viewer and select an error or warning event raised by your application. Click on "Attach a task To this Event…" and follow the steps below:

Provide a name for the task and click on "Next":


Click on "Next":


Select option 1 (Start a program), which is what we need to launch our tool, either ProcDump or ADPlus, to collect the dump when the event fires, and click "Next":


We will trigger the ProcDump tool to collect the full memory dump of w3wp.exe. If you use the ADPlus tool instead, point it to adplus.vbs with the arguments "-pn w3wp.exe".


Click "Finish".


When the event above fires in the Event Viewer, ProcDump will be launched and collect w3wp.exe's full memory dump for further analysis.
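The same event-triggered task can be created from an elevated PowerShell prompt with schtasks.exe. This is an added example, not part of the original walkthrough; the paths, task name, event source and event ID are assumed placeholders to replace with the values of the event you selected.

```powershell
# Added example: command-line equivalent of "Attach a Task To this Event".
# Everything in this block of variables is an assumption, not taken from the article.
$ProcDump = 'C:\Tools\procdump.exe'                  # assumed ProcDump location (no spaces)
$DumpDir  = 'C:\Dumps'                               # assumed dump folder (no spaces)
$TaskName = 'Event Viewer Tasks\Dump-w3wp-OnError'   # hypothetical task name
$Log      = 'Application'                            # log that holds the event
$Provider = 'MyWebApp'                               # placeholder event source
$EventId  = 1000                                     # placeholder event ID

# A full dump of w3wp.exe holds whatever the worker process had in memory
# (connection strings, session data, keys), so lock the folder down to
# SYSTEM (S-1-5-18) and the local Administrators group (S-1-5-32-544).
New-Item -ItemType Directory -Path $DumpDir -Force | Out-Null
icacls.exe $DumpDir /inheritance:r /grant:r '*S-1-5-18:(OI)(CI)F' '*S-1-5-32-544:(OI)(CI)F' | Out-Null

# XPath filter the trigger subscribes to: this source, this ID,
# level 2 (Error) or level 3 (Warning).
$Query = "*[System[Provider[@Name='$Provider'] and (Level=2 or Level=3) and (EventID=$EventId)]]"

# -ma writes a full memory dump. -accepteula is required because the task
# runs non-interactively and nobody can click through the EULA dialog.
$Action = "$ProcDump -accepteula -ma w3wp.exe $DumpDir"

# /SC ONEVENT with /EC (log) and /MO (XPath query) is the event trigger.
# The task runs as SYSTEM so ProcDump can open the IIS worker process.
schtasks.exe /Create /TN $TaskName /SC ONEVENT /EC $Log /MO $Query `
    /TR $Action /RU SYSTEM /RL HIGHEST /F

# Review what was registered, and remove it when the investigation is over:
#   schtasks.exe /Query  /TN $TaskName /V /FO LIST
#   schtasks.exe /Delete /TN $TaskName /F
```

If more than one w3wp.exe is running, ProcDump cannot pick a process by name and needs the PID of the application pool's worker process instead.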

We can delete the task created for an event by going to "Task Scheduler" -> "Task Scheduler Library" -> "Event Viewer Tasks" -> "Delete" as shown below:


We can also attach a task at the log level, such as Application or System, so that it triggers whenever a new event is written to that log, by using the option "Attach a Task To this log…".

By using the above feature, we can trigger a task based on a specific event log entry and send an email or collect a dump.
