Microsoft has launched a Linux version of Procmon, a classic process monitoring tool.

Microsoft recently created a Linux version of the Process Monitor application from the Windows Sysinternals toolset and open-sourced it under the MIT license. Process Monitor (Procmon) is a process monitoring tool that gives developers an easy and effective way to trace system call (syscall) activity. The tool can help diagnose problems such as program crashes, high resource usage, and even potential malicious infections.


Procmon on Windows.

The Sysinternals toolset is classic and powerful on Windows. Linux users can now also use Procmon to monitor system processes.


Procmon on Linux.

When using Procmon on Linux, you can specify the process IDs or the particular system calls to monitor with the following options:

Usage: procmon [OPTIONS]
   OPTIONS
      -h/--help                Prints this help screen
      -p/--pids                Comma separated list of process ids to monitor
      -e/--events              Comma separated list of system calls to monitor
      -c/--collect [FILEPATH]  Option to start Procmon in a headless mode
      -f/--file FILEPATH       Open a Procmon trace file

Suppose you want to monitor process IDs 738 and 2657:

sudo procmon -p 738,2657

To monitor only the read and write calls made by PID 738, use the following command:

sudo procmon -p 738 -e read,write

Currently, building the Linux Procmon application requires Ubuntu 18.04 LTS and a kernel version of at least 4.18 and no higher than 5.3.
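As an added example (not code from the article or from the Procmon project), the POSIX shell helpers below check the kernel range stated above, validate a PID list, and assemble the `procmon -p ... -e ... -c ...` command line shown in the usage text; the `pgrep` lookup and the `/tmp/sshd_trace` path in the usage comment are assumptions.

```shell
#!/bin/sh
# Added helper script for Procmon on Linux (not part of the Procmon project).

# Return 0 if a "major.minor[.patch]" kernel string lies within the 4.18..5.3
# range the article gives for the Linux port, 1 otherwise.
kernel_supported() {
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%.*}
    # Fold major/minor into one number so 4.18 < 5.3 compares correctly.
    v=$((major * 1000 + minor))
    [ "$v" -ge 4018 ] && [ "$v" -le 5003 ]
}

# Join PIDs (one per argument) into the comma-separated list -p expects,
# rejecting anything that is not a plain positive integer.
join_pids() {
    out=""
    for pid in "$@"; do
        case "$pid" in
            ''|*[!0-9]*) echo "join_pids: invalid pid '$pid'" >&2; return 1 ;;
        esac
        out="${out:+$out,}$pid"
    done
    printf '%s\n' "$out"
}

# Build the procmon command line: $1 = comma-separated PIDs, $2 = optional
# comma-separated syscall list, $3 = optional trace path for headless -c mode.
build_procmon_cmd() {
    pids=$1; events=$2; trace=$3
    cmd="sudo procmon -p $pids"
    [ -n "$events" ] && cmd="$cmd -e $events"
    [ -n "$trace" ] && cmd="$cmd -c $trace"
    printf '%s\n' "$cmd"
}

# Runtime usage (assumed names, not run here): capture read/write calls of
# every sshd process headlessly into /tmp/sshd_trace on a supported kernel.
#   kernel_supported "$(uname -r)" || { echo "kernel outside 4.18..5.3" >&2; exit 1; }
#   pids=$(join_pids $(pgrep -x sshd)) || exit 1
#   eval "$(build_procmon_cmd "$pids" read,write /tmp/sshd_trace)"
```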