
Microsoft launches Linux version of Windows Sysmon


The popular Sysmon system monitoring utility for Windows now has a native version for Linux, written by Microsoft itself.

Part of the Sysinternals suite, the Sysmon utility is often pitched as an essential component of a Windows admin's security toolbox, thanks to its ability to monitor and log system activity so that admins can identify malicious behaviour.

Reporting on the development, BleepingComputer notes that one of the reasons for Sysmon's popularity is its ability to create custom configuration files that administrators can use to monitor for specific system events.

Microsoft's Mark Russinovich, who is also one of the co-founders of the Sysinternals utility suite, has announced that Microsoft has released Sysmon for Linux on GitHub under the open source MIT license.

Under development

While it’s good to see Microsoft porting one of its popular tools to Linux, it should be noted that there’s no dearth of system and network monitoring tools on Linux.

Also, as things stand currently, Sysmon for Linux appears to be a work-in-progress and not something that Microsoft would want admins to use in a production environment.

For starters, the Linux port of Sysmon doesn’t appear to have an easy-to-install binary. According to the project’s GitHub page, the only way admins can deploy Sysmon on Linux is to compile it manually from source. 

While the process is straightforward, it still involves a lot more running around than installing binaries. Furthermore, Windows has only published the process for Ubuntu, which leaves a lot of Linux users in the lurch.

Another indication of the under-development nature of the tool emerges after it has been installed. While BleepingComputer encountered no issues getting the tool to work on its Linux installation, it notes that the list of event IDs that Sysmon for Linux can currently log includes several that don't apply to Linux, such as Registry events.

Via BleepingComputer

Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.