Microsoft releases the open-source version of the Windows “Process Monitor” (Procmon) tool for the Linux operating system
Microsoft’s love affair with Linux continues: it has released its well-known process monitoring tool, Procmon, for Linux users. On Windows, Procmon (Process Monitor) is an advanced monitoring tool that shows real-time file system, Registry and process/thread activity, giving administrators a single view of what the system is doing for troubleshooting and for hunting malware and rootkits.
In 2018, Microsoft released a Linux version of ProcDump. Following ProcDump, it has now released a preview, version 1.0, of the Procmon (Process Monitor) utility for Linux-based operating systems.
Procmon v1.0 tool For Linux operating system
Microsoft has released Procmon for Linux as open source. Linux already has several graphical and command-line process monitoring tools such as top, htop and Stacer, but those report resource usage per process; Procmon instead traces the system calls that processes make, so it answers a different question (what a process is doing, not how much CPU or memory it uses). Linux has no Registry, so the Registry view of the Windows tool has no counterpart here. Microsoft says the tool gives Linux users a more efficient way to trace system activity.
How to download and install Procmon 1.0 tool on your Linux PC/laptop
Procmon can’t be compiled under the Windows Subsystem for Linux (WSL) because WSL lacks the kernel event-tracing support the tool depends on. You can, however, build and install it on a native Linux distribution by following the procedure below or the instructions on Microsoft’s GitHub page. To compile Procmon, Microsoft states that you need to be running Ubuntu 18.04 LTS or later and have CMake 3.13 or later and libsqlite3-dev installed.
To compile Procmon, first install the build dependencies:
sudo apt-get update
sudo apt-get -y install bison build-essential flex git libedit-dev libllvm6.0 llvm-6.0-dev libclang-6.0-dev python zlib1g-dev libelf-dev cmake libsqlite3-dev
Next, build BCC (the BPF Compiler Collection, which Procmon uses for kernel tracing) from the tagged release and install it under /usr:
git clone --branch tag_v0.10.0 https://github.com/iovisor/bcc.git
mkdir bcc/build && cd bcc/build
cmake .. -DCMAKE_INSTALL_PREFIX=/usr
make
sudo make install
Finally, build and install Procmon itself:
git clone https://github.com/Microsoft/Procmon-for-Linux
cd Procmon-for-Linux && mkdir build && cd build && cmake .. && make && sudo make install
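The steps above are scattered across several snippets, so here they are collected into one script, as an added example that is not part of the article or of the Procmon-for-Linux repository. The apt, git, cmake and make commands and the BCC tag are the ones quoted above; the prerequisite checks (Ubuntu release and CMake version), the $WORK scratch directory, the -DCMAKE_INSTALL_PREFIX=/usr passed to Procmon’s own cmake so the binary lands in /usr/bin, and the “build” argument guard are this script’s own assumptions.

```shell
#!/bin/sh
# Added example: build Procmon for Linux from source on Ubuntu 18.04+ end to end.
# Not from the article or the Procmon-for-Linux project. The package list, BCC
# tag and build commands follow the article; the checks below, $WORK, the
# install prefix for Procmon and the "build" guard are assumptions of this script.
set -eu

BCC_TAG="tag_v0.10.0"
WORK="${WORK:-$HOME/procmon-build}"   # assumed scratch directory for the checkouts

# version_ge A B: succeed when dotted version A is >= B, compared field by field
version_ge() {
  a="$1."; b="$2."
  while [ -n "$a" ] || [ -n "$b" ]; do
    x="${a%%.*}"; a="${a#*.}"
    y="${b%%.*}"; b="${b#*.}"
    if [ "${x:-0}" -gt "${y:-0}" ]; then return 0; fi
    if [ "${x:-0}" -lt "${y:-0}" ]; then return 1; fi
  done
  return 0
}

# cmake_version_from TEXT: extract "3.16.3" from the output of `cmake --version`
cmake_version_from() {
  printf '%s\n' "$1" | sed -n 's/^cmake version \([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Refuse to start on anything other than Ubuntu 18.04 LTS or later (the stated requirement)
check_distro() {
  [ -r /etc/os-release ] || { echo "cannot read /etc/os-release" >&2; return 1; }
  . /etc/os-release
  if [ "${ID:-}" != "ubuntu" ] || ! version_ge "${VERSION_ID:-0}" 18.04; then
    echo "need Ubuntu 18.04 LTS or later, found ${ID:-?} ${VERSION_ID:-?}" >&2
    return 1
  fi
}

install_deps() {
  sudo apt-get update
  sudo apt-get -y install bison build-essential flex git libedit-dev libllvm6.0 \
    llvm-6.0-dev libclang-6.0-dev python zlib1g-dev libelf-dev cmake libsqlite3-dev
}

# CMake 3.13+ is required; Ubuntu 18.04's own cmake package is 3.10, so this
# check runs after install_deps and fails until a newer CMake is installed.
check_cmake() {
  v="$(cmake_version_from "$(cmake --version 2>/dev/null || true)")"
  if [ -z "$v" ]; then echo "cmake not found" >&2; return 1; fi
  if ! version_ge "$v" 3.13; then
    echo "cmake $v is too old; Procmon needs >= 3.13" >&2
    return 1
  fi
}

build_bcc() {
  cd "$WORK"
  [ -d bcc ] || git clone --branch "$BCC_TAG" https://github.com/iovisor/bcc.git
  mkdir -p bcc/build && cd bcc/build
  cmake .. -DCMAKE_INSTALL_PREFIX=/usr
  make
  sudo make install
}

build_procmon() {
  cd "$WORK"
  [ -d Procmon-for-Linux ] || git clone https://github.com/Microsoft/Procmon-for-Linux
  mkdir -p Procmon-for-Linux/build && cd Procmon-for-Linux/build
  cmake .. -DCMAKE_INSTALL_PREFIX=/usr   # assumption: /usr so the binary ends up in /usr/bin/procmon
  make
  sudo make install
}

main() {
  mkdir -p "$WORK"
  check_distro
  install_deps
  check_cmake
  build_bcc
  build_procmon
  if command -v procmon >/dev/null 2>&1; then
    echo "procmon installed at $(command -v procmon)"
  fi
}

# Nothing is installed unless explicitly asked: `sh build-procmon.sh build`.
# Running or sourcing the file without the argument only defines the functions.
if [ "${1:-}" = "build" ]; then
  main
fi
```

The build touches the system (apt, `sudo make install`), so it is gated behind the `build` argument; the pure helpers can be exercised without it. Once installed, a first headless capture looks like `sudo procmon -p $(pidof sshd) -e openat,read,write -c /tmp/sshd-trace.db` (root is needed because the tracing is done via eBPF); the exact process, syscalls and path are illustrative.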
How to use Procmon v1.0 tool
Usage: procmon [OPTIONS]
   -h/--help                Prints this help screen
   -p/--pids                Comma separated list of process ids to monitor
   -e/--events              Comma separated list of system calls to monitor
   -c/--collect [FILEPATH]  Option to start Procmon in a headless mode
   -f/--file FILEPATH       Open a Procmon trace file
Once Procmon is compiled and installed, the binary lives at /usr/bin/procmon. If you would rather not build from source, a Debian package of Procmon v1.0 is available for download from the project’s GitHub releases page.