Microsoft releases Process Monitor tool Procmon for Linux

Microsoft revealed some time ago that it had plans to port some of the tools provided by Sysinternals to Linux. One of the tools mentioned was Process Monitor, ProcMon for short, and a preview of the application is now available for Linux.
Process Monitor is an advanced monitoring tool for Windows that displays real-time data such as Registry, process and thread activity. It is a powerful tool that supports logging the information to files for later analysis.
The program is highly configurable, supports non-destructive filters, the capturing of thread stacks, process details capturing, and boot time logging of operations.
The Linux version of Procmon is now available on GitHub. The open source tool has been released as a preview.
Since it is released as a preview, it is limited to systems running Ubuntu 18.04 with kernel 4.18 up to 5.3 at the time of writing. Several users tried to build or install the process monitor tool on Ubuntu 20.04 systems and failed.
Microsoft plans to add more configurations to the system requirements in the future to take these systems into account.
Installation instructions on Ubuntu 18.04 devices are straightforward. Run the following commands:
- wget -q https://packages.microsoft.com/config/ubuntu/$(lsb_release -rs)/packages-microsoft-prod.deb -O packages-microsoft-prod.deb
- sudo dpkg -i packages-microsoft-prod.deb
- sudo apt-get update
- sudo apt-get install procmon
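Because the preview only targets Ubuntu 18.04 with kernels 4.18 up to 5.3, it is worth checking a host before running the install commands. The script below is an added example, not code from the article or the Procmon project; the function names are hypothetical, the upper kernel bound is assumed to be inclusive, and the sample inputs are constructed.

```shell
#!/bin/sh
# Added example (not from the Procmon project): pre-flight check against the
# preview requirements stated in the article. Function names are hypothetical.

# kernel_in_range KERNEL -> 0 if major.minor is within 4.18..5.3 (bounds
# assumed inclusive), 1 if outside, 2 if the string cannot be parsed.
kernel_in_range() {
    ver=${1%%-*}                      # "5.3.0-62-generic" -> "5.3.0"
    case "$ver" in *.*) ;; *) return 2 ;; esac
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    for part in "$major" "$minor"; do
        case "$part" in ''|*[!0-9]*) return 2 ;; esac
    done
    key=$((major * 1000 + minor))     # 4.18 -> 4018, 5.3 -> 5003
    [ "$key" -ge 4018 ] && [ "$key" -le 5003 ]
}

# procmon_preview_supported UBUNTU_RELEASE KERNEL -> 0 only if both match.
procmon_preview_supported() {
    [ "$1" = "18.04" ] || return 1
    kernel_in_range "$2" || return 1
    return 0
}

# Constructed sample inputs ("release kernel"), not captured from real hosts.
# On a live system: procmon_preview_supported "$(lsb_release -rs)" "$(uname -r)"
for sample in "18.04 4.18.0-25-generic" "18.04 5.3.0-62-generic" \
              "18.04 5.4.0-42-generic" "20.04 5.4.0-42-generic"; do
    set -- $sample
    if procmon_preview_supported "$1" "$2"; then
        verdict="supported"
    else
        verdict="not supported by the preview"
    fi
    echo "Ubuntu $1, kernel $2: $verdict"
done
```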
Build instructions are provided as well on the project's GitHub website, and Linux users may download a .deb file from the releases section on the project's GitHub page.
You may run procmon -h after installation to display the help screen. Here are a few example commands that you may run:
- sudo procmon // runs the process monitor tool to trace all processes and syscalls.
- sudo procmon -p 1337 -c procmon.db // traces the process 1337 in headless mode and saves the data to the file procmon.db
- sudo procmon -p 1337 -e read,write,openat // traces syscalls read, write, and openat of process 1337
- sudo procmon -f procmon.db // opens the trace file procmon.db within the interface.
Closing Words
Procmon is a powerful system monitoring tool for advanced uses. The Linux version comes without the help file that the Windows version of Procmon includes. Since it is offered as a preview, it is possible that a help file will be provided once the program is offered as a stable release.


Bit pointless as Linux already has powerful tracing commands, such as strace.
They should put more effort into Windows. Settings is still trash after 7 years. It was brought over from Windows 8, yet in Windows 10 it's still awful as it was in Windows 8.
Next up, DirectX. Do it you chicken shits.
Why? Distros already come with useful versions of the same thing, Linux versions of Task Manager, for the unfamiliar.
MS’s consumer Linux stuff has been going on for years in a half hearted fashion; can’t help wonder when The Linux Division will be disbanded. Remember the Linux computers MS sold for a while? They did, not any more.
Azure uses Win Server 2008/Hyper V; users can interact using almost any OS (good move!), makes the overall Linux project kind of “Hey, we do some Linux stuff too…” vs. cloud development.
Beside Wine, experienced Linux users seem to mostly ignore MS, some rather vociferously. Snaps are causing a minor uprising (after decades of Windows B.S., they’re ok with me), MS would have to do a complete 180 and stay there for years to gain trust in the Linux community.
> MS would have to do a complete 180 and stay there for years to gain trust in the Linux community.
Also, I think everything MS would likewise need to be free, as the Linux community loves those freebies, although they can’t always agree with what “free” means.
There is not a shortage of good process and system monitoring tools for Linux. So what exactly would MS’s Procmon add, except being tool No. N+1?
I don’t understand why MS is devoting their time and money on making software made for Windows OS to operate on Linux OS.
@Alby
Process Monitor for Linux was requested by “our” community, who use both Windows and Linux, involving advanced monitoring of real-time data that needs to be logged to files for later analysis.
Note that “our” community is likely not your community, thus I reckon that is why you don’t understand.
TIP: Some simple searches can reveal all you don’t understand with such tech.
Azure afaik is running on Linux, they need these tools for internal use mostly.
It doesn’t, it’s running on a modified Windows server OS but as so many of their customers run Linux virtual machines on it I guess they want to provide those customers with ‘better’ tools, probably in the hope that they’ll consider switching some of the tasks they do on Linux to Windows.
htop
Since the Edge Browser changed to Chromium base, and Microsoft is on the Linux Foundation board, it may be Windows will go to Linux kernel?
Doubt it for application compatibility reasons. What they will be doing though is expanding on their Linux Bash Shell implementation within Windows.
Very nice that Microsoft publishes tools for Linux. Maybe, one day, their paying customers will be allowed to do crazy things like deciding how long they want to keep system restore points, how the default view mode templates for libraries look like, and other silly techy stuff like that.
“Very nice that Microsoft publishes tools for Linux.”
Never forget the sordid history of this malevolent institution. They aren’t doing this out of the goodness of their heart.
https://www.theregister.com/2001/06/02/ballmer_linux_is_a_cancer/