- Source code (GitHub)
- Installation documentation
- Examples
- Ubuntu 18.04, 20.04 & 21.04:

```shell
wget -q https://packages.microsoft.com/config/ubuntu/$(lsb_release -rs)/packages-microsoft-prod.deb -O packages-microsoft-prod.deb
sudo dpkg -i packages-microsoft-prod.deb
sudo apt-get update
sudo apt-get install sysmonforlinux
```

- When installed from the package, the sysmon command can be run directly.
- Configure and start: sysmon -c config.xml
- Example configuration file config.xml
0x03 Log output
- By default, events are written to syslog.
- Once the sysmon service is running, the events can be read with the viewer tool that sysmon ships with:
- sudo tail -f /var/log/syslog | /opt/sysmon/sysmonLogView
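As an added example (not code from the page or from the Sysmon project), a small Python parser for the syslog lines that Sysmon for Linux writes, with a filter for ProcessCreate events whose parent is a given binary; the syslog prefix layout (default rsyslog "Mon DD HH:MM:SS host sysmon: <Event>...") and the sample lines are assumptions constructed for the example:

```python
import re
import xml.etree.ElementTree as ET

# Assumed default rsyslog layout: "Mon DD HH:MM:SS host sysmon: <Event>...</Event>".
SYSLOG_RE = re.compile(
    r"^\w{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2}\s+(?P<host>\S+)\s+sysmon:\s*"
    r"(?P<xml><Event[\s>].*</Event>)\s*$"
)

def _local(tag):
    # Drop a namespace prefix such as "{http://...}EventID" if one is present.
    return tag.rsplit("}", 1)[-1]

def parse_sysmon_line(line):
    """Parse one syslog line written by sysmon into a flat dict, or None if it is not one."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    event = {"host": m.group("host"), "event_id": None}
    for elem in ET.fromstring(m.group("xml")).iter():
        name = _local(elem.tag)
        if name == "EventID":
            event["event_id"] = int(elem.text)
        elif name == "Data" and elem.get("Name"):
            event[elem.get("Name")] = (elem.text or "").strip()  # <Data Name="Image">...</Data>
    return event

def parse_sysmon_lines(lines):
    """Skip non-sysmon syslog lines and return the parsed sysmon events."""
    return [e for e in map(parse_sysmon_line, lines) if e]

def process_creates_from_parent(events, parent_basename):
    """ProcessCreate events (EventID 1) whose parent binary has the given name, e.g. children of a web server worker."""
    return [e for e in events if e["event_id"] == 1
            and e.get("ParentImage", "").rsplit("/", 1)[-1] == parent_basename]

# Constructed sample syslog lines; the field names follow Sysmon's EventData layout.
SAMPLE_SYSLOG = [
    'Oct 21 10:15:01 web01 sysmon: <Event><System><Provider Name="Linux-Sysmon"/><EventID>1</EventID></System>'
    '<EventData><Data Name="Image">/usr/bin/bash</Data><Data Name="CommandLine">bash -c id</Data>'
    '<Data Name="ParentImage">/usr/sbin/nginx</Data></EventData></Event>',
    'Oct 21 10:15:02 web01 sysmon: <Event><System><EventID>3</EventID></System><EventData>'
    '<Data Name="Image">/usr/bin/curl</Data><Data Name="DestinationPort">443</Data></EventData></Event>',
    'Oct 21 10:15:03 web01 systemd[1]: Started Daily apt download activities.',
]
```

Feed it the output of `tail -f /var/log/syslog` line by line to get structured events instead of raw XML.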
- https://github.com/Sysinternals/SysmonForLinux
- https://techcommunity.microsoft.com/t5/azure-sentinel/automating-the-deployment-of-sysmon-for-linux-and-azure-sentinel/ba-p/2847054
- https://github.com/OTRF/OSSEM-DD/tree/main/linux/sysmon
- https://gist.github.com/Cyb3rWard0g/bcf1514cc340197f0076bf1da8954077
- https://github.com/microsoft/MSTIC-Sysmon