Procmon is a Windows utility that monitors system calls, Registry access, and file activity for the processes running on the operating system. This week Microsoft released a Linux version of the popular Procmon utility, with which Linux users can monitor running processes.
Above all, this application scans the table of running processes, killing those that have exceeded a given CPU-time limit or have gone for lunch. Filtering of processes is optionally done by command name, ranging from absolute to fuzzy matching.
What is Procmon for GNU/Linux
On the official GitHub page for the project, Microsoft explains:
Procmon is a Linux reimagining of the classic Procmon tool from the Sysinternals suite of tools for Windows. Procmon provides a convenient and efficient way for Linux developers to trace the syscall activity on the system.
How Procmon works
When using it, you can specify the process IDs that you would like to monitor or specific system calls using the following arguments:
Usage: procmon [OPTIONS]
   OPTIONS
      -h/--help                Prints this help screen
      -p/--pids                Comma separated list of process ids to monitor
      -e/--events              Comma separated list of system calls to monitor
      -c/--collect [FILEPATH]  Option to start Procmon in a headless mode
      -f/--file FILEPATH       Open a Procmon trace file
Microsoft has released the source code of its Linux version of Procmon, which is marked as a 1.0 preview release. Microsoft is also making a Debian/Ubuntu package of this preview build available.
Building Procmon for Linux
Since it is released as a preview, it is limited to systems running Ubuntu 18.04 with kernel 4.18 up to 5.3 at the time of writing. Several users tried to build or install the process monitor tool on Ubuntu 20.04 systems and failed.
Microsoft plans to add more configurations to the system requirements in the future to take these systems into account.
Installation instructions on Ubuntu 18.04 devices are straightforward. Run the following commands:
wget -q https://packages.microsoft.com/config/ubuntu/$(lsb_release -rs)/packages-microsoft-prod.deb -O packages-microsoft-prod.deb
sudo dpkg -i packages-microsoft-prod.deb
sudo apt-get update
sudo apt-get install procmon
Unfortunately, Procmon cannot be compiled under WSL because WSL lacks kernel event tracing.
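The usage options listed above and the kernel range the preview supports, put together as a small added script (not from the article or the Procmon project): it checks that the running kernel falls in the 4.18 to 5.3 range, resolves a service name to its process IDs, and starts a headless collection of a chosen set of syscalls with -p/-e/-c. The service name, the event set and the output path are constructed sample values, and the script assumes pgrep and timeout are installed and that procmon writes its trace when terminated.

```shell
#!/bin/sh
# Added example, not code from the article or the Procmon project.

# kernel_in_range VERSION -> success when 4.18 <= major.minor <= 5.3,
# the range the preview release supports according to the article.
kernel_in_range() {
    major=$(printf '%s' "$1" | cut -d. -f1)
    minor=$(printf '%s' "$1" | cut -d. -f2 | sed 's/[^0-9].*//')
    [ -n "$major" ] && [ -n "$minor" ] || return 1
    # encode as major*1000+minor so the range check is one integer comparison
    v=$((major * 1000 + minor))
    [ "$v" -ge 4018 ] && [ "$v" -le 5003 ]
}

# build_procmon_cmd PIDS EVENTS OUTFILE -> prints the procmon command line,
# using the -p, -e and -c options from the usage text above.
build_procmon_cmd() {
    printf 'procmon -p %s -e %s -c %s\n' "$1" "$2" "$3"
}

# trace_service NAME OUTFILE [SECONDS]: resolve NAME to its pids and collect a
# headless trace of exec, file-open and connect syscalls for SECONDS seconds
# (default 30), so the trace can be reviewed later with `procmon -f OUTFILE`.
trace_service() {
    name=$1; out=$2; secs=${3:-30}
    kernel_in_range "$(uname -r)" || { echo "unsupported kernel $(uname -r)" >&2; return 2; }
    pids=$(pgrep -d, -x "$name") || { echo "no process named $name" >&2; return 3; }
    events="execve,openat,connect"   # constructed sample set of syscalls to watch
    cmd=$(build_procmon_cmd "$pids" "$events" "$out")
    echo "running: $cmd" >&2
    # assumption: procmon flushes the trace file when timeout stops it
    timeout "$secs" $cmd
}

# sample invocation with a constructed service name and output path:
# trace_service sshd /var/tmp/sshd-trace.db 60
```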
Linux already has several graphical and command-line process monitoring tools, such as top, htop, and Stacer. Procmon, however, is the freshly baked official Linux version of the Windows Process Monitor tool: a powerful system monitoring tool for advanced users. Note that the Linux version ships without the help file that the Windows version of Procmon includes.