3

I am using procmon command line.

```
procmon.exe /Quiet /Minimized /Openlog C:\Python27\code2\logs.pml /LoadConfig C:\Python27\code2\pmc.pmc /SaveAs C:\Python27\code2\output.csv
```

After running the above command, the procmon UI shows filtered events but the saved file - output.csv contains all the events.

Is there an option to save the filtered output via cmd? If not, is there a way to copy the output to cmd?

Lieven Keersmaekers
tryingToLearn
  • On my local environment when running as a console application, I did not need to have the `/LoadConfig` argument for my filters to work. When I ran it as a windows service it totally disregarded my filter setup. By adding the `/LoadConfig` argument it applied the filters when running it as a windows service. – IceCode Jul 01 '18 at 08:29

1 Answer

2

I figured it out. I was missing the /SaveApplyFilter option. It's strange I did not find a quick reference on forums either. So adding

```
/SaveApplyFilter /SaveAs C:\code2\testing2.csv
```

achieved the desired result.

Also, since I was using an existing log file, there is no need to use "Drop Filtered Events" while saving the configuration file.

In case you are capturing logs and want to save them with filters applied, you could enable "Drop Filtered Events" to capture only the required events.

tryingToLearn
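The behaviour discussed in this thread can be checked by exporting the same saved log twice, once without and once with `/SaveApplyFilter`, and comparing the row counts. This is an added example, not code from the original posts; the Procmon install path, the output file names and the default CSV column names (`Process Name`, `Operation`) are assumptions.

```powershell
# Added example: export a saved Procmon log with and without /SaveApplyFilter
# and compare the two CSV files. Paths are assumptions; adjust to your layout.
param(
    [string]$Procmon = 'C:\Tools\Procmon.exe',        # assumed install path
    [string]$Log     = 'C:\Python27\code2\logs.pml',
    [string]$Config  = 'C:\Python27\code2\pmc.pmc',
    [string]$OutDir  = 'C:\Python27\code2'
)

$ErrorActionPreference = 'Stop'
foreach ($p in $Procmon, $Log, $Config) {
    if (-not (Test-Path -LiteralPath $p)) { throw "Missing input: $p" }
}

function Export-ProcmonCsv {
    param([string]$Csv, [switch]$ApplyFilter)

    # Quote each path so directories containing spaces survive argument joining.
    $procArgs = @('/AcceptEula', '/Quiet', '/Minimized',
                  '/OpenLog',    ('"{0}"' -f $Log),
                  '/LoadConfig', ('"{0}"' -f $Config))
    if ($ApplyFilter) { $procArgs += '/SaveApplyFilter' }
    $procArgs += @('/SaveAs', ('"{0}"' -f $Csv))

    # Remove any stale export so an old file is never mistaken for a new one.
    if (Test-Path -LiteralPath $Csv) { Remove-Item -LiteralPath $Csv }

    # With /OpenLog and /SaveAs, Procmon converts the log and exits.
    Start-Process -FilePath $Procmon -ArgumentList $procArgs -Wait
    if (-not (Test-Path -LiteralPath $Csv)) { throw "Procmon wrote no file: $Csv" }
    return @(Import-Csv -LiteralPath $Csv)
}

$all      = Export-ProcmonCsv -Csv (Join-Path $OutDir 'unfiltered.csv')
$filtered = Export-ProcmonCsv -Csv (Join-Path $OutDir 'filtered.csv') -ApplyFilter

'{0} events without /SaveApplyFilter, {1} with it' -f $all.Count, $filtered.Count
if ($all.Count -gt 0 -and $filtered.Count -eq $all.Count) {
    Write-Warning 'The filter removed nothing; check the filters stored in the .pmc file.'
}

# Summarise what survived the filter (assumes Procmon's default column set).
$filtered | Group-Object 'Process Name', Operation |
    Sort-Object Count -Descending |
    Select-Object -First 10 Count, Name |
    Format-Table -AutoSize
```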