Microsoft Brings Its Own Open-Source Procmon For Linux

Procmon For Linux

Procmon is a Windows utility that monitors the system calls, Registry access, and file activity of processes running in the operating system. This week Microsoft released a Linux version of the popular Procmon utility, which lets Linux users monitor running processes.

Above all, this application scans the table of running processes, killing those that have exceeded a given CPU-time limit or have gone for lunch. Filtering of processes is optionally done on command name, ranging from absolute to fuzzy.

What is Procmon for GNU/Linux

On the official GitHub page for the project, Microsoft explains:

Procmon is a Linux reimagining of the classic Procmon tool from the Sysinternals suite of tools for Windows. Procmon provides a convenient and efficient way for Linux developers to trace the syscall activity on the system.

How Procmon works

When using it, you can specify the process IDs that you would like to monitor or specific system calls using the following arguments:

Usage: procmon [OPTIONS]
   OPTIONS
      -h/--help                Prints this help screen
      -p/--pids                Comma separated list of process ids to monitor
      -e/--events              Comma separated list of system calls to monitor
      -c/--collect [FILEPATH]  Option to start Procmon in a headless mode
      -f/--file FILEPATH       Open a Procmon trace file

Microsoft has released the source code of its Procmon for Linux, which is marked as a 1.0 preview release. Microsoft is also making a Debian/Ubuntu package of this preview build available.

Building Procmon for Linux

Since it is released as a preview, it is limited to systems running Ubuntu 18.04 with kernel 4.18 up to 5.3 at the time of writing. Several users tried to build or install the process monitor tool on Ubuntu 20.04 systems and failed.

Microsoft plans to add more configurations to the system requirements in the future to take these systems into account.

Installation instructions on Ubuntu 18.04 devices are straightforward. Run the following commands:

wget -q https://packages.microsoft.com/config/ubuntu/$(lsb_release -rs)/packages-microsoft-prod.deb -O packages-microsoft-prod.deb
sudo dpkg -i packages-microsoft-prod.deb
sudo apt-get update
sudo apt-get install procmon

Unfortunately, Procmon cannot be compiled under WSL due to the lack of kernel event tracing there.

Conclusion

Linux already has several graphical and command-line process monitoring tools such as top, htop, and Stacer. However, Procmon is the freshly baked official Linux version of the Windows Process Monitor tool. It is a powerful system monitoring tool for advanced users. Note that the Linux version comes without the help file that the Windows version of Procmon includes.
