Sysmon for Linux

Forensics & Incident Response

A Linux system‑monitoring tool that logs process activity, network connections, and file writes to help detect malicious behavior

Track releases GitHub

C Latest 1.5.2 · 27d ago Security brief →

Features

Logs detailed process lifetime events
Captures network connection information
Records filesystem write operations
Provides a human‑readable log viewer (sysmonLogView)
Supports BTF for accurate kernel offset discovery

Recent releases

View all 3 releases →

1.5.1.0 Bug fix 3mo

Fixed clang optimizations causing eBPF verifier load errors.

Changelog

Changes:

Fix clang optimizations resulting in eBPF verifier load errors (#224)

View release on GitHub

1.5.0.0 New feature 3mo

Notable features

Add EBPF event (#221)

Changelog

Changes:

Add EBPF event (#221)

View release on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Releases

View all →

Releases per month

Cadence 0.1 / wk

Last release 27d

Tracked 3

Security

Full profile →

Security score 8.3/10

OpenSSF 6.4/10

Open CVEs 0

Active maintainer

Community

GitHub stars 2,107

Forks 213

Open issues 38

Open PRs 5

Stars/wk velocity 0.0

About

Stars

2,107

Forks

213

Languages

C C++ Python

View on GitHub

Install & Platforms

Platforms

linux

Similar tools

ProcMon for Linux

Rizin

OpenSpace

AionUi

Umbraco