Microsoft releases its Process Monitoring tool Procmon for Linux users


Microsoft releases the open-source version of Windows “Process Monitor” Procmon Tool for Linux operating system

Microsoft’s love affair with Linux continues. It has released its famed process monitoring tool Procmon for Linux users. Procmon, or Process Monitor, is an advanced monitoring tool for Windows that shows real-time file system, Registry, and process/thread activity. Procmon gives Windows users a single central access panel for system troubleshooting and rootkit detection.

In 2018, Microsoft released the Linux version of ProcDump. Following ProcDump, Microsoft has now released a preview version 1.0 of the Procmon (Process Monitor) utility for Linux-based operating systems.

Procmon v1.0 tool for Linux operating systems

Microsoft decided to release an open-source version of the Procmon tool for Linux users. Linux already has several graphical and command-line process monitoring tools such as Top, Htop, and Stacer, but Procmon is more of a registry and system process tool. Microsoft says that it will provide a more efficient way for Linux users to trace system activity on Linux operating systems.

Procmon in use

How to download and install Procmon 1.0 tool on your Linux PC/laptop

Procmon can’t be compiled under the Windows Subsystem for Linux (WSL) due to the lack of the Kernel event tracking feature. You can, however, install it independently on your Linux distro by following the below procedure or following the instructions on Microsoft’s GitHub page. To compile Procmon for Linux, Microsoft states that you will need to be running Ubuntu 18.04 LTS or later, have CMake 3.13 or later, and libsqlite3-dev installed.

To compile Procmon, you should first install the build dependencies with the following commands:

sudo apt-get update
sudo apt-get -y install bison build-essential flex git libedit-dev libllvm6.0 llvm-6.0-dev libclang-6.0-dev python zlib1g-dev libelf-dev cmake libsqlite3-dev

Now you need to build BCC using the following commands:

git clone --branch tag_v0.10.0 https://github.com/iovisor/bcc.git
mkdir bcc/build
cd bcc/build
cmake .. -DCMAKE_INSTALL_PREFIX=/usr
make
sudo make install

You can build Procmon tool with these commands:

cd ../..
git clone https://github.com/Microsoft/Procmon-for-Linux
cd Procmon-for-Linux
mkdir build
cd build
cmake ..
make
sudo make install

How to use Procmon v1.0 tool

Usage: procmon [OPTIONS]
OPTIONS
-h/--help Prints this help screen
-p/--pids Comma separated list of process ids to monitor
-e/--events Comma separated list of system calls to monitor
-c/--collect [FILEPATH] Option to start Procmon in a headless mode
-f/--file FILEPATH Open a Procmon trace file

Once Procmon is compiled, it will be installed to /usr/bin/procmon. The Debian package for the Procmon v1.0 tool is available for download here.
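The build requirements and the usage table above can be checked and assembled from a small script. This is an added example, not code from Microsoft's repository; it assumes a Debian/Ubuntu host with GNU sort, dpkg-query and /etc/os-release available.

```shell
#!/usr/bin/env bash
# Pre-flight check for the Procmon-for-Linux build steps above. Added
# example, not from Microsoft's repository; assumes a Debian/Ubuntu host
# with GNU sort (-V), dpkg-query and /etc/os-release available.

# version_ge A B -> true when dotted version A >= B (e.g. 3.16.3 >= 3.13).
version_ge() {
  [ "$(printf '%s\n%s\n' "$2" "$1" | sort -V | head -n1)" = "$2" ]
}

# is_wsl KERNEL -> true when a `uname -r` string marks a WSL kernel, where
# the page says Procmon cannot be compiled (kernel tracing is unavailable).
is_wsl() { case "$1" in *[Mm]icrosoft*) return 0 ;; *) return 1 ;; esac; }

# procmon_cmd PIDS EVENTS OUTFILE -> headless collection command line from
# the usage table above; an empty argument drops its option.
procmon_cmd() {
  local cmd="procmon"
  [ -n "$1" ] && cmd="$cmd -p $1"
  [ -n "$2" ] && cmd="$cmd -e $2"
  [ -n "$3" ] && cmd="$cmd -c $3"
  printf '%s\n' "$cmd"
}

# preflight -> checks the stated requirements (not WSL, Ubuntu 18.04+,
# CMake 3.13+, libsqlite3-dev) and returns the number of failed checks.
preflight() {
  local fails=0 os cm
  if is_wsl "$(uname -r)"; then
    echo "FAIL: WSL kernel; Procmon cannot be compiled here"; fails=$((fails + 1))
  fi
  os=$(. /etc/os-release 2>/dev/null && printf '%s %s' "$ID" "$VERSION_ID") || os=""
  if [ "${os%% *}" = ubuntu ] && version_ge "${os#* }" 18.04; then
    echo "ok: $os"
  else
    echo "FAIL: need Ubuntu 18.04 or later, found: ${os:-unknown}"; fails=$((fails + 1))
  fi
  cm=$(cmake --version 2>/dev/null | awk 'NR == 1 { print $3 }')
  if [ -n "$cm" ] && version_ge "$cm" 3.13; then
    echo "ok: cmake $cm"
  else
    echo "FAIL: need CMake 3.13 or later, found: ${cm:-none}"; fails=$((fails + 1))
  fi
  if dpkg-query -W -f='${Status}' libsqlite3-dev 2>/dev/null | grep -q 'ok installed'; then
    echo "ok: libsqlite3-dev installed"
  else
    echo "FAIL: libsqlite3-dev not installed"; fails=$((fails + 1))
  fi
  return "$fails"
}
```

Source the file and run `preflight` before the cmake step; a non-zero return means at least one stated requirement is missing on the host.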
