Process Monitor capture filter (or scripting)

Question

As you know, Microsoft distributes the Russinovich extremely powerful process monitor. It captures a lot of system events and has a filter to show only some of them. I want to record a rare fault at specific file names. However, there is a lot of events in my system and the sysinternals log takes gigabytes of RAM recording everything. I am sure that I need to capture no more than file events pass my view filter. I do not want to capture other events. Is it possible?

magicandre1981 · Accepted Answer · 2013-11-18 18:07:26Z

5

Apply the filter before capturing the data and make sure the option Drop filtered Events is set.

enter image description here

Also specify that the data are written to a file and not the RAM:

enter image description here

answered Nov 18, 2013 at 18:07

magicandre1981

98.6k30 gold badges182 silver badges248 bronze badges

Add a comment |

Stack Exchange Network

Process Monitor capture filter (or scripting)

1 Answer 1

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged
windows-7
event-log
capture
process-monitor
.

Hot Network Questions

Process Monitor capture filter (or scripting)

1 Answer 1

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged windows-7event-logcaptureprocess-monitor.

Related

Hot Network Questions

Not the answer you're looking for? Browse other questions tagged
windows-7
event-log
capture
process-monitor
.