Microsoft launches Linux version of Windows Sysmon
Sysmon for Linux appears to be a work-in-progress
The popular Sysmon system monitoring utility for Windows now has a native version for Linux, written by Microsoft itself.
Part of the Sysinternals suite, the Sysmon utility is often pitched as an essential component in a Windows admin's security toolbox, for its ability to monitor and log system activity and so help admins identify malicious activity.
Reporting on the development, BleepingComputer notes that one reason for Sysmon's popularity is its support for custom configuration files, which administrators can use to monitor for specific system events.
Microsoft's Mark Russinovich, who is also one of the co-founders of the Sysinternals utility suite, has announced that Microsoft has released Sysmon for Linux on GitHub under the open source MIT license.
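To make the "custom configuration file" point concrete, here is a small Sysmon for Linux filtering configuration. It is an added example, not taken from the article or from the Sysmon for Linux project; the schema version and the rule fields follow the Windows Sysmon configuration format, which the Linux port is assumed here to share. It asks Sysmon to log shell launches, every outbound network connection except those made by the package manager, and file creation under /tmp, and it deliberately contains no Registry rules, since those event types have no meaning on Linux.

```xml
<!-- Added example configuration; schemaversion 4.81 is assumed for the Linux port -->
<Sysmon schemaversion="4.81">
  <EventFiltering>
    <!-- Event ID 1 (process creation): keep only interactive shell launches -->
    <RuleGroup name="" groupRelation="or">
      <ProcessCreate onmatch="include">
        <Image condition="end with">/bin/bash</Image>
        <Image condition="end with">/bin/sh</Image>
      </ProcessCreate>
    </RuleGroup>
    <!-- Event ID 3 (network connection): log everything except apt traffic -->
    <RuleGroup name="" groupRelation="or">
      <NetworkConnect onmatch="exclude">
        <Image condition="end with">/usr/bin/apt</Image>
      </NetworkConnect>
    </RuleGroup>
    <!-- Event ID 11 (file create): watch the world-writable /tmp directory -->
    <RuleGroup name="" groupRelation="or">
      <FileCreate onmatch="include">
        <TargetFilename condition="begin with">/tmp/</TargetFilename>
      </FileCreate>
    </RuleGroup>
  </EventFiltering>
</Sysmon>
```

The two rule styles matter in practice: an `include` section logs only what matches, so a bare `ProcessCreate onmatch="include"` with no rules logs nothing, while an `exclude` section logs everything that does not match. Mixing the two per event type is the usual way to keep Sysmon's output volume manageable on a busy host.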
Under development
While it’s good to see Microsoft porting one of its popular tools to Linux, it should be noted that there’s no dearth of system and network monitoring tools on Linux.
Also, as things stand currently, Sysmon for Linux appears to be a work-in-progress and not something that Microsoft would want admins to use in a production environment.
For starters, the Linux port of Sysmon doesn’t appear to have an easy-to-install binary. According to the project’s GitHub page, the only way admins can deploy Sysmon on Linux is to compile it manually from source.
While the process is straightforward, it still involves a lot more running around than installing binaries. Furthermore, Microsoft has only published the process for Ubuntu, which leaves a lot of Linux users in the lurch.
Another indication of the tool's under-development state emerges after it has been installed. While BleepingComputer encountered no issues getting the tool to work on its Linux installation, it notes that the list of event IDs that Sysmon for Linux can currently log includes several that don't apply to Linux, such as Registry events.
Via BleepingComputer
With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he's TechRadar Pro's expert on the topic. Of course, he's just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.