Author: jookie57
Subject: ** Feature request list **
Posted: 31 March 2014 at 11:51pm
I know I'm pretty late to the party on these, but maybe I can still help someone...
In response to this:
It looks like you could use the new /saveapplyfilter switch added in version v3.1:
Source: http://blogs.technet.com/b/sysinternals/archive/2014/03/07/updates-process-explorer-v16-02-process-monitor-v3-1-psexec-v2-1-sigcheck-v2-03.aspx
Add the new switch at the end of you command line:
Edited by jookie57 - 3 hours 8 minutes ago at 11:52pm
Subject: ** Feature request list **
Posted: 31 March 2014 at 11:51pm
I know I'm pretty late to the party on these, but maybe I can still help someone...
In response to this:
 waylander wrote:If there any possibility of adding in a feature to the CLI to take a large process monitor file and parse it with a filter to a smaller output file it would be a lifesaver. Something similar to what you can do with Tshark for wireshark traces, and with the netmon command line switches. I have tried this procmon /OpenLog Non_working.PML /LoadConfig ProcmonConfiguration. pmc /Quiet /SaveAs output.pml But the resultant file was just the same size as the input file. I had selected drop filtered events and the filter did work in the loaded trace. |
It looks like you could use the new /saveapplyfilter switch added in version v3.1:
| Process Monitor v.3.1: This release adds ... a new switch, /saveapplyfilter, which has Process Monitor apply the current filter to the output file as it saves it. |
Source: http://blogs.technet.com/b/sysinternals/archive/2014/03/07/updates-process-explorer-v16-02-process-monitor-v3-1-psexec-v2-1-sigcheck-v2-03.aspx
Add the new switch at the end of you command line:
I tested this and it seems to work as you requested.procmon.exe /OpenLog Non_working.PML /LoadConfig ProcmonConfiguration.pmc /Quiet /SaveAs output.pml /saveapplyfilter
Edited by jookie57 - 3 hours 8 minutes ago at 11:52pm