How can i add filters in ETW #320
Description
I am utilizing the Microsoft-Windows-Kernel-File provider to capture file system events. However, rather than capturing events across the entire system, I aim to apply targeted filtering based on specific, predefined directories. The goal is to ensure that only events related to operations performed within these directories are captured. This will allow the ETW (Event Tracing for Windows) to efficiently filter and forward only the relevant events for further processing, minimizing unnecessary overhead and focusing on the directories of interest.
How it can be done?