Can't Start Trace Log

Archived from groups: microsoft.public.windowsxp.perform_maintain (More info?)

I'm using XP Pro SP2, and am trying to run a trace log to see which
processes are starting/stopping and when. However, I get the following when
I try to start the log:

Can't start trace log from Windows Kernel Trace provider
(event process creations/deletions). Error "The LOG_NAME
log or alert has not started. Refresh the log or alert
list to view current status, or see the application event
log for any errors. Some logs and alerts might require a
few minutes to start, especially if they include many
counters." In application event log appears this event:

Event Type: Warning
Event Source: SysmonLog
Event Category: None
Event ID: 2014
Date: 06.11.2004
Time: 01:33:43 User: N/A
Computer: DELL
Unable to start the trace session for the 1 trace log
configuration. The Kernel trace provider and some
application trace providers require Administrator
privileges in order to collect data. Use the Run As
option in the configuration application to log under an
Administrator account for these providers. System error
code returned is in the data.

For more information, see Help and Support Center at
0000: 05 00 00 00 ....

I have no idea why this would happen. Also, the event states that I need to
have Admin rights. I AM using an account with Admin rights (although not the
Administrator account). Does anyone have a possible idea?

1 answer Last reply
More about start trace
  1. you can modify the properties of the service called sysmonlog (short name)

    in a cmd window :
    sc getdisplayname sysmonlog

    read the long name (in fench: Journaux et alertes de performance)

    in the window "managing windows services" search your corresponding service then right click and choose Properties

    in the tab "connexion" (in french) choose the appropriate user which have authority to write the log

Ask a new question

Read More

Microsoft Trace Windows XP