I am trying to monitor for a python script that runs. Windows 10 machine.
In taskmanager, when you view the column “command line” – it is listed exactly as what’s written below with quotes and all. Using the process discovery rules, I can find ‘pythonw.exe’ by itself as just the executable (no commandline matching). But, if I try to monitor with command line regex, no matter what combination I try, it can’t find it. I’ve tried with and without the quotes, while escaping them properly.
Reason I don’t want to monitor for just ‘pythonw.exe’ is to make sure the script is running (pythonw is actually called by python.exe to load this script).
Windows TaskManager “command line” column view:
“C:\Program Files\Python3\pythonw.exe” C:\Users\john\Downloads\test.py
This regex will repeat the letter “e” none or once or multiple times. It will surely not match a command line like pythonw.exe test.py. You can use a website like regex101.com to test your patterns. Remember to switch to python mode there.
A correct regex would be .*pythonw\.exe.*test\.py as the ps check always matches from the baginning of the command line.
thanks! i totally didn’t think of trying to use a regex validation tool. i definitely missed a few things as you outlined (probably because it seemingly or luckily worked on another executable I did). with the full_path turned on and your correct regex, it’s working now!
This topic was automatically closed 365 days after the last reply. New replies are no longer allowed. Contact an admin if you think this should be re-opened.