>1. Are all log entries read by ReadLog automatically removed from the driver's
>queue? If not, how do I synchronize user-mode purging of log entries (after they've
>been read) with kernel-mode log filling so that unread entries are not deleted?
Yes, the driver removes log entries automatically.
>2. I found the FLT_ACTION_NOTIFY filter action flag, which is not described in the help file.
FLT_ACTION_NOTIFY is not used now.
>3. I want to make a simplified version of the Network Monitor app (traffic monitor): I don't
>need to capture the data itself, I only need to know the data size (PLOG_INFO->m_FullDataLength). So the data logging shown in the "Monitor" example app
>is redundant. What methods (calls) should I use?
It's not possible with the current API. The driver always logs the request's data. You should modify the driver sources to capture without data.