How do I use Sysinternals Process Monitor to capture system calls that Siteminder is making?

Document ID : KB000100775
Last Modified Date : 11/06/2018
Introduction:
This article explains how to use Sysinternals Process Monitor to capture the system calls that a Siteminder process is making.
Question:
How do I use Sysinternals Process Monitor to capture system calls that Siteminder is calling?
Environment:
Windows
Answer:
First, you will need to download the Process Monitor package from the Microsoft website found here:

https://docs.microsoft.com/en-us/sysinternals/downloads/procmon

The download is a Zip archive, so you will need to extract it to a folder. That folder contains an .exe file called Procmon.exe, which is what we will use. Double-click it to open the application.

The application should open and show a Process Monitor Filter window.
Click the first drop-down menu and select "Process Name".
Process Name is the name of the process as shown in Task Manager.

NOTE: Siteminder can run under many different process names. A list of names can be found below in the Additional Information section.

Make sure the second drop-down menu is set to "contains".
Enter the name of the process that you want to monitor.
Make sure the last drop-down menu says "Include".
Click the Add button and then click OK.
Process Monitor will start capturing the system calls that the OS is processing. If the Process Name (or other filter that you set up) is correct and the process is running, you will start to see the system calls that the process is making.

To save the capture, click File -> Save...
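
The same capture can be scripted for unattended use. The PowerShell below is an added example, not part of the original article or vendor tooling: it records to a backing file, exports the log to CSV, and applies the "Process Name contains ... Include" filter from the steps above. Assumptions: the Procmon.exe location, output folder and capture length are placeholders, the paths contain no spaces, the session is elevated, and the CSV uses Process Monitor's default column names.

```powershell
# Added example: scripted version of the GUI procedure (run from an elevated prompt).
$Procmon = 'C:\Tools\ProcessMonitor\Procmon.exe'  # assumed extract location
$OutDir  = 'C:\Temp\procmon'                      # assumed output folder (no spaces)
$Seconds = 60                                     # assumed capture length
# Process names from the Additional Information section, without ".exe"
$Names   = 'LLAWP','smpolicysrv','tomcat','java','httpd','service_monsrvr'

New-Item -ItemType Directory -Path $OutDir -Force | Out-Null
$Pml = Join-Path $OutDir 'siteminder.pml'
$Csv = Join-Path $OutDir 'siteminder.csv'

# Confirm a target process is running, otherwise the capture will be empty
$running = Get-Process -Name $Names -ErrorAction SilentlyContinue
if (-not $running) { throw 'None of the listed Siteminder processes are running.' }
$running | Select-Object Name, Id | Format-Table -AutoSize

# Start capturing in the background, writing events to the backing file
Start-Process -FilePath $Procmon `
    -ArgumentList '/AcceptEula','/Quiet','/Minimized','/BackingFile',$Pml
Start-Sleep -Seconds $Seconds

# Stop the running instance and wait until it has flushed and exited
Start-Process -FilePath $Procmon -ArgumentList '/Terminate' -Wait
Get-Process -Name 'Procmon*' -ErrorAction SilentlyContinue | Wait-Process

# Convert the native .pml log to CSV (format is chosen by the file extension)
Start-Process -FilePath $Procmon `
    -ArgumentList '/AcceptEula','/OpenLog',$Pml,'/SaveAs',$Csv -Wait

# Equivalent of "Process Name contains <name> -> Include" (case-insensitive)
$pattern = ($Names | ForEach-Object { [regex]::Escape($_) }) -join '|'
$events  = Import-Csv -Path $Csv |
    Where-Object { $_.'Process Name' -match $pattern }

# Summarise which operations each matching process performed most often
$events |
    Group-Object -Property 'Process Name', 'Operation' |
    Sort-Object -Property Count -Descending |
    Select-Object -First 20 -Property Count, Name |
    Format-Table -AutoSize
```

The backing file records events from every process on the host, so keep the capture window short and treat the resulting .pml and .csv files as sensitive, since they contain file paths and registry keys touched by all running software.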
Additional Information:

Agent:
LLAWP.exe

Policy Server:
smpolicysrv.exe

Access Gateway:
LLAWP.exe
tomcat.exe
java.exe
httpd.exe

OneView Monitor Client:
service_monsrvr.exe