Microsoft revealed some time ago that it had plans to port some of the tools provided by Sysinternals to Linux. One of the tools mentioned was Process Monitor, or ProcMon for short, and a preview of the application is now available for Linux.
Process Monitor is an advanced monitoring tool for Windows that shows real-time data such as Registry, process and thread activity. It is a powerful tool that supports logging the data to files for later analysis.
The program is highly configurable, supports non-destructive filters, the capturing of thread stacks, the capturing of process details, and boot time logging of operations.
The Linux version of Procmon is now available on GitHub. The open source tool has been released as a preview.
Since it is released as a preview, it is limited to systems running Ubuntu 18.04 with kernel 4.18 up to 5.3 at the time of writing. Several users tried to build or install the process monitor tool on Ubuntu 20.04 systems and failed.
Microsoft plans to add more configurations to the system requirements in the future to take these systems into account.
Installation instructions on Ubuntu 18.04 devices are straightforward. Run the following commands:
- wget -q https://packages.microsoft.com/config/ubuntu/$(lsb_release -rs)/packages-microsoft-prod.deb -O packages-microsoft-prod.deb
- sudo dpkg -i packages-microsoft-prod.deb
- sudo apt-get update
- sudo apt-get install procmon
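As an added example (not from the article or the Procmon project), a preflight script that checks the host against the preview's stated support window before running the install commands above; the Ubuntu release and kernel bounds are the ones quoted in the article, and `lsb_release` and `uname` are assumed to be available.

```shell
#!/usr/bin/env bash
# Preflight check for the Procmon-for-Linux preview (added example, not the
# project's own code). Confirms the host matches the support window stated
# in the article (Ubuntu 18.04, kernel 4.18 up to 5.3) before installing.
# Bounds are taken from the article; widen them as Microsoft extends support.
set -u

MIN_KERNEL="4.18"          # inclusive lower bound from the article
MAX_KERNEL="5.3"           # inclusive upper bound from the article
SUPPORTED_RELEASE="18.04"  # the only Ubuntu release the preview targets

# kernel_in_range MAJOR.MINOR[.PATCH-...] -> exit 0 if MIN <= MAJOR.MINOR <= MAX
kernel_in_range() {
    local ver=$1 major minor lo hi key
    major=${ver%%.*}; ver=${ver#*.}; minor=${ver%%[.-]*}
    # Compare as (major, minor) tuples, not floats: 5.3 must not beat 5.10.
    key=$((major * 1000 + minor))
    lo=$(( ${MIN_KERNEL%%.*} * 1000 + ${MIN_KERNEL#*.} ))
    hi=$(( ${MAX_KERNEL%%.*} * 1000 + ${MAX_KERNEL#*.} ))
    [ "$key" -ge "$lo" ] && [ "$key" -le "$hi" ]
}

# release_supported RELEASE -> exit 0 only for the release the preview targets
release_supported() {
    [ "$1" = "$SUPPORTED_RELEASE" ]
}

# preflight: inspects the running host and returns 0 (supported) or 1
preflight() {
    local rel kern
    rel=$(lsb_release -rs 2>/dev/null || echo "unknown")
    kern=$(uname -r)
    if ! release_supported "$rel"; then
        echo "unsupported Ubuntu release: $rel (preview targets $SUPPORTED_RELEASE)" >&2
        return 1
    fi
    if ! kernel_in_range "$kern"; then
        echo "unsupported kernel: $kern (preview targets $MIN_KERNEL to $MAX_KERNEL)" >&2
        return 1
    fi
    echo "host looks supported: Ubuntu $rel, kernel $kern"
}

# Run the install commands from the article only when the preflight passes.
if [ "${1:-}" = "--install" ] && preflight; then
    wget -q "https://packages.microsoft.com/config/ubuntu/$(lsb_release -rs)/packages-microsoft-prod.deb" -O packages-microsoft-prod.deb
    sudo dpkg -i packages-microsoft-prod.deb
    sudo apt-get update
    sudo apt-get install procmon
fi
```

Run it with `--install` to perform the installation; without arguments it only defines the checks.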
Build instructions are provided as well on the project's GitHub site, and Linux users may download a .deb file from the releases section on the project's GitHub page.
You may run procmon -h after installation to display the help screen. Here are a few example commands that you may run:
- sudo procmon // runs the process monitor tool to trace all processes and syscalls.
- sudo procmon -p 1337 -c procmon.db // traces the process 1337 in headless mode and saves the data to the file procmon.db
- sudo procmon -p 1337 -e read,write,openat // traces the syscalls read, write, and openat of process 1337
- sudo procmon -f procmon.db // opens the trace file procmon.db within the interface.
Procmon is a powerful system monitoring tool for advanced uses. The Linux version comes without the help file that the Windows version of Procmon includes. Since it is provided as a preview, it is possible that a help file will be provided once the program is available as a stable release.