fireeye / pywintrace

ETW Python Library
Apache License 2.0
267 stars 59 forks

Feature request: Provide a simple command line interface #17

Closed cool-RR closed 5 years ago

cool-RR commented 6 years ago

I want to run:

c:\> pywintrace --type=CreateProcess --path=whatever

And get an infinite output of all the events that match my criteria.

cool-RR commented 6 years ago

If you know of a different project that supplies something like that, I'll be happy if you could refer me.

abergl commented 6 years ago

Unsure what you mean exactly. You can modify one of the examples to do this using the kernel process provider.

cool-RR commented 6 years ago

What I mean is a CLI utility that one could use to track Windows events from the command line, without needing to know how pywintrace works and without having to develop a solution. That's a pretty big ask so if it's out of the scope of this project, I'd understand.

abergl commented 6 years ago

I would say it is out of scope. Events in ETW are relative to the provider that is emitting them. As such, I couldn't just say "events" because that is ambiguous (two providers may emit the equivalent events, etc.). It sounds like you're asking for a solution that would filter on events, without knowledge of the related provider. As there are hundreds of registered providers (and likely thousands of event types), it isn't something that sounds reasonable. However, you can use pywintrace to do what you propose with knowledge of the provider/events you want.
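
The following is an added example of the approach described in the comment above: a small CLI built on pywintrace that knows one provider (Microsoft-Windows-Kernel-Process) up front, subscribes to it, and prints only the events matching a `--type` and `--path` argument. It is not code from the pywintrace project or from anyone in this thread. It relies on the `etw.ETW`, `etw.ProviderInfo` and `etw.GUID` calls shown in the project README; everything else is assumed rather than taken from the page: that the callback receives a `(event_id, fields)` tuple, that the fields dict carries `Task Name` and `ImageName` keys, the provider GUID, and the task-name-to-event-ID table (ProcessStart = 1, ProcessStop = 2, and so on). The filter logic is kept separate from the ETW session so it can be exercised on constructed sample events without Windows.

```python
"""Minimal CLI on top of pywintrace: print every event from one ETW provider
that matches a task name (or numeric event ID) and an image-path substring.

Added example, not part of the pywintrace project. Assumptions (not verified
against the project): the callback receives a (event_id, fields) tuple, the
fields dict carries 'Task Name' and, for Kernel-Process events, 'ImageName';
the provider GUID and task-name -> event-ID table below.
"""
import argparse
import sys
import time

# Assumed provider GUID and task table for Microsoft-Windows-Kernel-Process.
# Any other provider needs its own entries here; that is the per-provider
# knowledge the comment above says a generic CLI cannot avoid.
KERNEL_PROCESS_GUID = "{22FB2CD6-0E7B-422B-A0C7-2FAD1FD0E716}"
KERNEL_PROCESS_TASKS = {"ProcessStart": 1, "ProcessStop": 2,
                        "ThreadStart": 3, "ThreadStop": 4, "ImageLoad": 5}


class EventFilter:
    """Filter on event type (task name or numeric ID) and image-path substring."""

    def __init__(self, event_type=None, path=None, task_ids=KERNEL_PROCESS_TASKS):
        self.event_id = None
        if event_type:
            # Accept a numeric event ID or a task name known for this provider.
            self.event_id = int(event_type) if event_type.isdigit() else task_ids.get(event_type)
            if self.event_id is None:
                raise ValueError("unknown event type %r for this provider" % event_type)
        self.path = path.lower() if path else None

    def matches(self, event_id, fields):
        if self.event_id is not None and event_id != self.event_id:
            return False
        if self.path is not None:
            # Case-insensitive substring match on the (assumed) ImageName field.
            if self.path not in str(fields.get("ImageName", "")).lower():
                return False
        return True


def format_event(event_id, fields):
    """One line per event: event ID, task name, PID and image path."""
    hdr = fields.get("EventHeader", {})
    pid = fields.get("ProcessID", hdr.get("ProcessId", "?"))
    return "%s\t%s\tpid=%s\t%s" % (event_id, fields.get("Task Name", "?"),
                                   pid, fields.get("ImageName", ""))


def build_parser():
    p = argparse.ArgumentParser(prog="pywintrace-cli")
    p.add_argument("--type", help="task name (e.g. ProcessStart) or numeric event ID")
    p.add_argument("--path", help="case-insensitive substring of the image path")
    p.add_argument("--provider", default="Microsoft-Windows-Kernel-Process")
    p.add_argument("--guid", default=KERNEL_PROCESS_GUID)
    return p


def run(argv=None):
    """Subscribe to the provider and print matching events until Ctrl-C."""
    args = build_parser().parse_args(argv)
    flt = EventFilter(args.type, args.path)
    import etw  # pywintrace; imported here so the filter stays importable off-Windows

    def on_event(ev):
        event_id, fields = ev  # assumed callback tuple shape
        if flt.matches(event_id, fields):
            print(format_event(event_id, fields))
            sys.stdout.flush()

    job = etw.ETW(providers=[etw.ProviderInfo(args.provider, etw.GUID(args.guid))],
                  event_callback=on_event)
    job.start()
    try:
        while True:  # "infinite output": keep the session open until interrupted
            time.sleep(1)
    except KeyboardInterrupt:
        pass
    finally:
        job.stop()


# Constructed sample events (not captured output) for exercising the filter offline.
SAMPLE_EVENTS = [
    (1, {"Task Name": "ProcessStart", "ProcessID": 4242,
         "ImageName": r"\Device\HarddiskVolume2\Windows\System32\whatever.exe"}),
    (1, {"Task Name": "ProcessStart", "ProcessID": 4243,
         "ImageName": r"\Device\HarddiskVolume2\Windows\System32\notepad.exe"}),
    (2, {"Task Name": "ProcessStop", "ProcessID": 4242,
         "ImageName": r"\Device\HarddiskVolume2\Windows\System32\whatever.exe"}),
]


def select(events, event_type=None, path=None):
    """Apply the same filter the CLI uses to a list of (event_id, fields) tuples."""
    flt = EventFilter(event_type, path)
    return [e for e in events if flt.matches(*e)]


if __name__ == "__main__":
    run()
```

Run as `python pywintrace_cli.py --type=ProcessStart --path=whatever` from an elevated prompt (ETW sessions need administrator rights). The `--type=CreateProcess` spelling from the request is rejected with an error because this provider names that event `ProcessStart`; that mismatch is exactly the provider-specific knowledge the comment above refers to. Filtering is done in the callback rather than in the session so the example only depends on the three README calls.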

abergl commented 5 years ago

Closing issue.