Part of the Sysinternals suite, the Sysmon utility is often pitched as an essential component of a Windows admin's security toolbox, thanks to its ability to monitor and log system activity so that admins can identify malicious activity.
Reporting on the development, BleepingComputer notes that one of the reasons for Sysmon's popularity is its ability to create custom configuration files that administrators can use to monitor for specific system events.
Microsoft's Mark Russinovich, who is also one of the co-founders of the Sysinternals utility suite, has announced that Microsoft has released Sysmon for Linux on GitHub under the open source MIT license.
While it’s good to see Microsoft porting one of its popular tools to Linux, it should be noted that there’s no dearth of system and network monitoring tools on Linux.
Also, as things stand currently, Sysmon for Linux appears to be a work-in-progress and not something that Microsoft would want admins to use in a production environment.
For starters, the Linux port of Sysmon doesn’t appear to have an easy-to-install binary. According to the project’s GitHub page, the only way admins can deploy Sysmon on Linux is to compile it manually from source.
While the process is straightforward, it still involves considerably more effort than installing a binary. Furthermore, Windows has only published the process for Ubuntu, which leaves a lot of Linux users in the lurch.
Another indication of the under-development nature of the tool emerges after it has been installed. While BleepingComputer encountered no issues getting the tool to work on its Linux installation, it notes that the list of event IDs that Sysmon for Linux can currently log includes several that don’t apply to Linux, such as Registry events.
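To illustrate the custom configuration files mentioned above, and the Linux caveat about event types that never fire, here is an added example of a minimal Sysmon for Linux filter config; it is not from the article or from the Sysmon project, and it assumes the standard Sysmon XML schema (the schemaversion value, the ProcessCreate/NetworkConnect rule names and the condition keywords) behaves on Linux as it does on Windows.

```xml
<!-- Added example config, not from the article or the Sysmon project.
     Assumed: the standard Sysmon schema applies unchanged on Linux. -->
<Sysmon schemaversion="4.81">
  <EventFiltering>
    <RuleGroup name="ProcessCreate" groupRelation="or">
      <!-- Event ID 1: log every process start, except one noisy
           known-good daemon (constructed example path) -->
      <ProcessCreate onmatch="exclude">
        <Image condition="is">/usr/sbin/cron</Image>
      </ProcessCreate>
    </RuleGroup>
    <RuleGroup name="NetworkConnect" groupRelation="or">
      <!-- Event ID 3: only log outbound connections made by
           interpreters and shells, which are the ones worth triaging -->
      <NetworkConnect onmatch="include">
        <Image condition="contains">python</Image>
        <Image condition="end with">/bash</Image>
        <Image condition="end with">/sh</Image>
      </NetworkConnect>
    </RuleGroup>
    <!-- Registry event IDs (12-14) appear in the tool's event list but
         have no Linux equivalent, so a RegistryEvent rule here would
         never match anything; it is deliberately left out. -->
  </EventFiltering>
</Sysmon>
```

With the binary built from source as the article describes, the config is loaded with `sudo ./sysmon -accepteula -i sysmon-config.xml`, and the resulting events are written to syslog (on Ubuntu, /var/log/syslog).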