Sysmon for Linux

Free

Updated 11 March 2025

Sysmon for Linux is a tool that monitors and logs system activity including process lifetime, network connections, file system writes, and more. Sysmon works across reboots and uses advanced filtering to help identify malicious activity as well as how intruders and malware operate on your network. Installation: The packages are available in the official Microsoft Linux repositories and instructions on how to install the packages for the different Linux distributions can be found in the Installation instructions. Build: Please see build instructions here. Autodiscovery of Offsets: On systems that are BTF enabled, Sysmon will use BTF for accurate kernel offsets. Sysmon also supports specifying standalone BTF files (using /BTF switch). There are several ways to generate BTF files and BTFHub has a number of standalone BTF files for different distributions/kernels. If BTF isn't available, Sysmon attempts to automatically discover the offsets of some members of some kernel structs. If this fails, please provide details of the kernel version (and config if possible).

FEATURES

The author has not provided features for this tool yet. If you are the author, please sign in or claim the tool to add features by clicking the icon above.

EXPLORE BY TAGS

Sysmon

Linux

Security Monitoring

SIMILAR TOOLS

Graylog

Graylog offers advanced log management and SIEM capabilities to enhance security and compliance across various industries.

Commercial

SIEM

Starbase

Democratizing graph-based security analysis by collecting assets and relationships from services and systems into an intuitive graph view.

Free

SIEM

LogSlash

A method for log volume reduction without losing analytical capability.

Free

SIEM

syslog-ng

A log management solution that optimizes SIEM performance, provides rapid search and troubleshooting, and meets compliance requirements.

Commercial

SIEM

RedELK

RedELK enhances Red Team operations with SIEM capabilities to monitor and alert on Blue Team activities.

Free

SIEM

Procmon for Linux

Procmon for Linux is a reimagining of the classic Procmon tool from Windows, allowing Linux developers to trace syscall activity efficiently.

Free

SIEM

Log Parser Lizard

A dynamic GUI for advanced log analysis, allowing users to execute SQL queries on structured log data.

Free

SIEM

nfdump

A toolset for collecting and processing netflow/ipfix and sflow data from netflow/sflow compatible devices.

Free

SIEM

Elastic

Elasticsearch is a versatile platform for centralized data storage, fast search, and scalable analytics.

Free

SIEM

PINNED

Proton Pass

Proton Pass is a cross-platform password manager that provides encrypted storage, password generation, and security monitoring features with integrated 2FA and dark web monitoring capabilities.

Data Protection

NordVPN

NordVPN is a commercial VPN service that encrypts internet connections and hides IP addresses through a global network of servers, featuring integrated threat protection and multi-device support.

Network Security

Mandos

Fractional CISO service that helps B2B companies implement security leadership to win enterprise deals, achieve compliance, and develop strategic security programs.

Consulting

Checkmarx SCA

A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Application Security

Orca Security

A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

Cloud Security

DryRun

A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.

Application Security