Microsoft launches Linux version of Windows Sysmon

The popular Sysmon system monitoring utility for Windows now has a native version for Linux, written by Microsoft itself.

Part of the Sysinternals suite, Sysmon is often pitched as an essential component in a Windows admin's security toolbox because it monitors and logs system activity, helping admins identify malicious behavior.

Reporting on the development, BleepingComputer notes that one of the reasons for Sysmon's popularity is that administrators can create custom configuration files to monitor for specific system events.

Microsoft's Mark Russinovich, who is also one of the co-founders of the Sysinternals utility suite, has announced that Microsoft has released Sysmon for Linux on GitHub under the open source MIT license.

Under development

While it’s good to see Microsoft porting one of its popular tools to Linux, it should be noted that there’s no dearth of system and network monitoring tools on Linux.

Also, as things stand currently, Sysmon for Linux appears to be a work-in-progress and not something that Microsoft would want admins to use in a production environment.

For starters, the Linux port of Sysmon doesn’t appear to have an easy-to-install binary. According to the project’s GitHub page, the only way admins can deploy Sysmon on Linux is to compile it manually from source. 

While the process is straightforward, it still involves a lot more running around than installing binaries. Furthermore, Microsoft has only published the process for Ubuntu, which leaves a lot of Linux users in the lurch.

Another indication of the under-development nature of the tool emerges after it has been installed. While BleepingComputer encountered no issues getting the tool to work on its Linux installation, it notes that the list of current event IDs that Sysmon for Linux can log includes several that don’t apply to Linux, such as Registry events.

Via BleepingComputer

Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.