[root@hunter-0003 build]# make [ 0%] Built target sysmonEBPFkern5.6- [ 0%] Built target sysmonEBPFkern5.3-5.5 [ 1%] Extracting sysmonmsg.mc.utf16 /usr/lib/monodevelop/AddIns/MonoDevelop.TextTemplating/TextTransform.exe: /usr/lib/monodevelop/AddIns/MonoDevelop.TextTemplating/TextTransform.exe: cannot execute binary file make[2]: *** [sysmonmsg.mc.utf16] Error 126 make[1]: *** [CMakeFiles/sysmonLogView.dir/all] Error 2 make: *** [all] Error 2

Please help

Hi, I'm having trouble using the package for CentOS 7. Installation fails with following:

[john@localhost ~]$ sudo yum install sysmonforlinux
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: merlin.fit.vutbr.cz
 * extras: merlin.fit.vutbr.cz
 * updates: merlin.fit.vutbr.cz
Resolving Dependencies
--> Running transaction check
---> Package sysmonforlinux.x86_64 0:1.0.0-1 will be installed
--> Processing Dependency: libstdc++.so.6(CXXABI_1.3.9)(64bit) for package: sysmonforlinux-1.0.0-1.x86_64
--> Processing Dependency: libsysinternalsEBPF.so()(64bit) for package: sysmonforlinux-1.0.0-1.x86_64
--> Running transaction check
---> Package sysinternalsebpf.x86_64 0:1.0.0-1 will be installed
--> Processing Dependency: libc.so.6(GLIBC_2.26)(64bit) for package: sysinternalsebpf-1.0.0-1.x86_64
--> Processing Dependency: libjson-glib-1.0.so.0()(64bit) for package: sysinternalsebpf-1.0.0-1.x86_64
---> Package sysmonforlinux.x86_64 0:1.0.0-1 will be installed
--> Processing Dependency: libstdc++.so.6(CXXABI_1.3.9)(64bit) for package: sysmonforlinux-1.0.0-1.x86_64
--> Running transaction check
---> Package json-glib.x86_64 0:1.4.2-2.el7 will be installed
---> Package sysinternalsebpf.x86_64 0:1.0.0-1 will be installed
--> Processing Dependency: libc.so.6(GLIBC_2.26)(64bit) for package: sysinternalsebpf-1.0.0-1.x86_64
---> Package sysmonforlinux.x86_64 0:1.0.0-1 will be installed
--> Processing Dependency: libstdc++.so.6(CXXABI_1.3.9)(64bit) for package: sysmonforlinux-1.0.0-1.x86_64
--> Finished Dependency Resolution
Error: Package: sysinternalsebpf-1.0.0-1.x86_64 (packages-microsoft-com-prod)
           Requires: libc.so.6(GLIBC_2.26)(64bit)
Error: Package: sysmonforlinux-1.0.0-1.x86_64 (packages-microsoft-com-prod)
           Requires: libstdc++.so.6(CXXABI_1.3.9)(64bit)
 You could try using --skip-broken to work around the problem
 You could try running: rpm -Va --nofiles --nodigest

This was a clean and updated CentOS 7 VM (minimal). I'm not 100% sure, but I don't think glibc 2.26 is in the official CentOS 7 repos.

I know that the source is fixed, but when will new packages addressing https://github.com/Sysinternals/SysmonForLinux/issues/9 be available? I feel like this is bug really affects being able have confidence in proper operation and adopt the usage of S4L in a consistent and scalable fashion. Thanks, as always, for the great work! I am really looking forward to being able to have this deployed at scale.

Following this site instructions, I installed sysmonForLinux on openSUSE Tumbleweed. I ran sysmon and it's working. However, log file "/var/log/syslog" doesn't appear and even sysmonLogView doesn't show nothing. Where is located that file in my system?

Thank you

Hi, I followed all the steps in this article on Ubuntu 20.04: https://techcommunity.microsoft.com/t5/azure-sentinel/automating-the-deployment-of-sysmon-for-linux-and-azure-sentinel/ba-p/2847054. When I try to execute sudo sysmon -accepteula -i sysmonconfig.xml I get Error: Failed to open xml configuration: config.xml (No such file or directory). Where can I find the config file or how to generate it?

Regards

Running on a low activity test debian 10 system, with a filter for just process creates, and sysmon crashed after 5 minutes of not receiving any events.

Oct 14 20:39:16 lsys sysmon[1641]: Event timeout occurred (no event for 300 seconds). Reloading eBPF...
Oct 14 20:39:17 lsys sysmon[1641]: sedsid() failed.
Oct 14 20:39:17 lsys sysmon[1641]: Could not automatically discover kernel offsets.
Oct 14 20:39:17 lsys sysmon[1641]: Build and run the get_offsets module to generate the offsets config file:
Oct 14 20:39:17 lsys sysmon[1641]: /opt/sysinternalsEBPF/sysinternalsEBPF_offsets.conf
Oct 14 20:39:17 lsys sysmon[1641]: Reloaded eBPF due to event timeout
Oct 14 20:39:17 lsys kernel: [ 3109.759945] sysmon[1672]: segfault at 40 ip 00007fe5c2f867f3 sp 00007ffd73847fc0 error 4 in libsysinternalsEBPF.so[7fe5c2f64000+40000] 
Oct 14 20:39:17 lsys systemd[1]: sysmon.service: Main process exited, code=killed, status=11/SEGV
Oct 14 20:39:17 lsys systemd[1]: sysmon.service: Failed with result 'signal'.

Here's my sysmon config for reference

<Sysmon schemaversion="4.70">
        <EventFiltering>
                <RuleGroup name="" groupRelation="or">
                        <ProcessCreate onmatch="exclude"/>
                </RuleGroup>
        </EventFiltering>
</Sysmon>

I could not install this in AMD cpu server it say;

[root@centos]# yum install -y sysmonforlinux DigitalOcean Droplet Agent 36 kB/s | 3.3 kB 00:00
Package sysmonforlinux-1.0.0-1.x86_64 is already installed. Dependencies resolved. Nothing to do. Complete!

[root@centos]# sysmon -acceptuela -i sysmonconfig.xml

Sysmon v1.0.0 - Monitors system events Sysinternals - www.sysinternals.com By Mark Russinovich, Thomas Garnier and Kevin Sheldrake Copyright (C) 2014-2021 Microsoft Corporation Using libxml2. libxml2 is Copyright (C) 1998-2012 Daniel Veillard. All Rights Reserved.

Usage: Install: sysmon -i [] Update configuration: sysmon -c [] Print schema: sysmon -s Uninstall: sysmon -u [force] -c Update configuration of an installed Sysmon driver or dump the current configuration if no other argument is provided. Optionally take a configuration file. -i Install service and driver. Optionally take a configuration file. -s Print configuration schema definition of the specified version. Specify 'all' to dump all schema versions (default is latest)). -u Uninstall service and driver. Adding force causes uninstall to proceed even when some components are not installed.

The service logs events immediately and the driver installs as a boot-start driver to capture activity from early in the boot that the service will write to the event log when it starts.

On Linux, events are stored in the Syslog, often found at /var/log/syslog.

Use the '-? config' command for configuration file documentation. More examples are available on the Sysinternals website.

**Specify -accepteula to automatically accept the EULA on installation.

Neither install nor uninstall requires a reboot.**

[root@centos]# cat /etc/os-release NAME="CentOS Linux" VERSION="8" ID="centos" ID_LIKE="rhel fedora" VERSION_ID="8" PLATFORM_ID="platform:el8" PRETTY_NAME="CentOS Linux 8" ANSI_COLOR="0;31" CPE_NAME="cpe:/o:centos:centos:8" HOME_URL="https://centos.org/" BUG_REPORT_URL="https://bugs.centos.org/" CENTOS_MANTISBT_PROJECT="CentOS-8" CENTOS_MANTISBT_PROJECT_VERSION="8" [root@centos]# cat /etc/redhat-release CentOS Linux release 8.3.2011

I'm trying to compile it on Ubuntu 20.04, 5.4.0-88-generic

Scanning dependencies of target sysmonLogView
[ 10%] Building CXX object CMakeFiles/sysmonLogView.dir/sysmonLogView/sysmonLogView.cpp.o
[ 11%] Building C object CMakeFiles/sysmonLogView.dir/sysmonLogView/sysmonGetEventName.c.o
[ 12%] Building C object CMakeFiles/sysmonLogView.dir/sysmonmsgop.c.o
[ 13%] Linking CXX executable sysmonLogView
[ 13%] Built target sysmonLogView
[ 13%] Built target sysmonEBPFkern5.3-5.5
[ 15%] Building C object CMakeFiles/checkEBPFsizes.dir/checkEBPFsizes/checkEBPFsizes.c.o
[ 16%] Linking C executable checkEBPFsizes
[ 16%] Built target checkEBPFsizes
[ 17%] Building C object CMakeFiles/mysleep.dir/test/mysleep.c.o
[ 18%] Linking C executable mysleep
[ 18%] Built target mysleep
[ 19%] Packing manifest.xml into manifest.xml.o
make[2]: *** No rule to make target '/opt/sysinternalsEBPF/ebpfKern/sysinternalsEBPF_helpers.c', needed by 'sysmonEBPFkern4.15.o'.  Stop.
make[1]: *** [CMakeFiles/Makefile2:232: CMakeFiles/sysmon.dir/all] Error 2
make: *** [Makefile:84: all] Error 2

Correction on readme page regarding CLI command for viewing syslog logs via SysmonLogView is required.

The provided code mentions:

sudo tail -f /var/log/syslog | /opt/sysmon/sysmonLogView

But the output will be provided as per sudo tail -f /var/log/syslog | sudo /opt/sysmon/sysmonLogView

Hope this helps!

x64@Ubuntu16:~/app/SysmonForLinux/build$ sudo apt-get install monodevelop Reading package lists... Done Building dependency tree
Reading state information... Done Some packages could not be installed. This may mean that you have requested an impossible situation or if you are using the unstable distribution that some required packages have not yet been created or been moved out of Incoming. The following information may help to resolve the situation:

The following packages have unmet dependencies: monodevelop : Depends: mono-runtime-sgen but it is not going to be installed Depends: fsharp but it is not going to be installed Depends: mono-runtime (>= 3.0~) but it is not going to be installed Depends: libc6 (>= 2.27) but 2.23-0ubuntu11.3 is to be installed or libc6.1 (>= 2.27) but it is not installable or libc0.1 (>= 2.27) but it is not installable Depends: libfontconfig1 (>= 2.12) but 2.11.94-0ubuntu1.1 is to be installed Depends: libfsharp-core4.5-cil (>= 4.5) but it is not going to be installed Depends: libglade2.0-cil (>= 2.12.45) but it is not going to be installed Depends: libglib2.0-0 (>= 2.56.4) but 2.48.2-0ubuntu4.8 is to be installed Depends: libglib2.0-cil (>= 2.12.45) but it is not going to be installed Depends: libgtk2.0-cil (>= 2.12.45) but it is not going to be installed Depends: libmono-cairo4.0-cil (>= 3.2.1) but it is not going to be installed Depends: libmono-corlib4.5-cil (>= 4.0.0~alpha1) but it is not going to be installed Depends: libmono-microsoft-csharp4.0-cil (>= 1.0) but it is not going to be installed Depends: libmono-microsoft-web-infrastructure1.0-cil (>= 1.0) but it is not going to be installed Depends: libmono-posix4.0-cil (>= 4.0.0~alpha1) but it is not going to be installed Depends: libmono-system-componentmodel-composition4.0-cil (>= 3.0.6) but it is not going to be installed Depends: libmono-system-componentmodel-dataannotations4.0-cil (>= 4.0.0~alpha1) but it is not going to be installed Depends: libmono-system-configuration4.0-cil (>= 4.0.0~alpha1) but it is not going to be installed Depends: libmono-system-core4.0-cil (>= 4.0.0~alpha1) but it is not going to be installed Depends: libmono-system-data-entity4.0-cil (>= 1.0) but it is not going to be installed Depends: libmono-system-data-linq4.0-cil (>= 1.0) but it is not going to be installed Depends: libmono-system-data4.0-cil (>= 4.0.0~alpha1) but it is not going to be installed Depends: libmono-system-design4.0-cil (>= 1.0) but it is not going to be installed Depends: libmono-system-drawing4.0-cil (>= 3.0.6) but it is not going to be installed Depends: libmono-system-identitymodel4.0-cil (>= 4.0.0~alpha1) but it is not going to be installed Depends: libmono-system-io-compression4.0-cil (>= 3.2.1) but it is not going to be installed Depends: libmono-system-net-http4.0-cil (>= 1.0) but it is not going to be installed Depends: libmono-system-numerics4.0-cil (>= 1.0) but it is not going to be installed Depends: libmono-system-runtime-caching4.0-cil (>= 4.0.0~alpha1) but it is not going to be installed Depends: libmono-system-runtime-serialization4.0-cil (>= 4.0.0~alpha1) but it is not going to be installed Depends: libmono-system-runtime4.0-cil (>= 2.10.1) but it is not going to be installed Depends: libmono-system-security4.0-cil (>= 1.0) but it is not going to be installed Depends: libmono-system-servicemodel4.0a-cil (>= 3.2.3) but it is not going to be installed Depends: libmono-system-web-extensions4.0-cil (>= 2.10.3) but it is not going to be installed Depends: libmono-system-web-services4.0-cil (>= 1.0) but it is not going to be installed Depends: libmono-system-web4.0-cil (>= 2.10.3) but it is not going to be installed Depends: libmono-system-windows-forms4.0-cil (>= 1.0) but it is not going to be installed Depends: libmono-system-xaml4.0-cil (>= 1.0) but it is not going to be installed Depends: libmono-system-xml-linq4.0-cil (>= 3.0.6) but it is not going to be installed Depends: libmono-system-xml4.0-cil (>= 3.12.0) but it is not going to be installed Depends: libmono-system4.0-cil (>= 4.0.0~alpha1) but it is not going to be installed Depends: libmono-windowsbase4.0-cil (>= 3.0.6) but it is not going to be installed Depends: libpango-1.0-0 (>= 1.40.14) but 1.38.1-1 is to be installed Depends: libpangocairo-1.0-0 (>= 1.40.14) but 1.38.1-1 is to be installed Depends: monodoc-base (>= 3.2.1) but it is not going to be installed Depends: msbuild but it is not going to be installed Recommends: libgtk2.0-cil-dev but it is not going to be installed Recommends: mono-devel but it is not going to be installed Recommends: xamarin-gtk-theme but it is not going to be installed E: Unable to correct problems, you have held broken packages. x64@Ubuntu16:~/app/SysmonForLinux/build$

hello developer,I have no idea why i can't install monodevelop,maybe beacause i installed wine and sourceInsight before... i try this method but it still doesn't work: sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 3FA7E0328081BFF6A14DA29AA6A19B38D3D831EF
echo "deb http://download.mono-project.com/repo/debian wheezy main" | sudo tee /etc/apt/sources.list.d/mono-xamarin.list
sudo apt-get update

The following is happening in Ubuntu 21.10 Impish on a Raspberry Pi 4, I have completed the previous steps and everything works find for the previous library that must be compiled, it is with Sysmon that this breaks with the following message:

[  1%] Extracting sysmonmsg.mc.utf16
[  2%] Extracting sysmonmsgop.man.utf16
[  3%] Converting sysmonmsgop.man.utf16 to UTF8
[  4%] Extracting sysmonmsgop.c from sysmonmsgop.man
[  5%] Extracting sysmonevents.h.utf16
Warning skip check of User due to misalignment
Warning skip check of Details due to misalignment
Warning skip check of User due to misalignment
Warning skip check of EventNamespace due to misalignment
Warning skip check of Name due to misalignment
Warning skip check of Query due to misalignment
Warning skip check of Name due to misalignment
Warning skip check of Type due to misalignment
Warning skip check of Destination due to misalignment
Warning skip check of User due to misalignment
Warning skip check of Details due to misalignment
Warning skip check of User due to misalignment
Warning skip check of EventNamespace due to misalignment
Warning skip check of Name due to misalignment
Warning skip check of Query due to misalignment
Warning skip check of Name due to misalignment
Warning skip check of Type due to misalignment
Warning skip check of Destination due to misalignment
Warning skip check of Details due to misalignment
Warning skip check of EventNamespace due to misalignment
Warning skip check of Name due to misalignment
Warning skip check of Query due to misalignment
Warning skip check of Name due to misalignment
Warning skip check of Type due to misalignment
Warning skip check of Destination due to misalignment
Warning skip check of Details due to misalignment
Warning skip check of EventNamespace due to misalignment
Warning skip check of Name due to misalignment
Warning skip check of Query due to misalignment
Warning skip check of Name due to misalignment
Warning skip check of Type due to misalignment
Warning skip check of Destination due to misalignment
Warning skip check of Details due to misalignment
Warning skip check of EventNamespace due to misalignment
Warning skip check of Name due to misalignment
Warning skip check of Query due to misalignment
Warning skip check of Name due to misalignment
Warning skip check of Type due to misalignment
Warning skip check of Destination due to misalignment
Warning skip check of Details due to misalignment
Warning skip check of EventNamespace due to misalignment
Warning skip check of Name due to misalignment
Warning skip check of Query due to misalignment
Warning skip check of Name due to misalignment
Warning skip check of Type due to misalignment
Warning skip check of Destination due to misalignment
Warning skip check of Details due to misalignment
Warning skip check of EventNamespace due to misalignment
Warning skip check of Name due to misalignment
Warning skip check of Query due to misalignment
Warning skip check of Name due to misalignment
Warning skip check of Type due to misalignment
Warning skip check of Destination due to misalignment
Warning skip check of Path due to misalignment
Warning skip check of Details due to misalignment
Warning skip check of EventNamespace due to misalignment
Warning skip check of Name due to misalignment
Warning skip check of Query due to misalignment
Warning skip check of Name due to misalignment
Warning skip check of Type due to misalignment
Warning skip check of Destination due to misalignment
Warning skip check of Path due to misalignment
Warning skip check of Details due to misalignment
Warning skip check of EventNamespace due to misalignment
Warning skip check of Name due to misalignment
Warning skip check of Query due to misalignment
Warning skip check of Name due to misalignment
Warning skip check of Type due to misalignment
Warning skip check of Destination due to misalignment
Warning skip check of Path due to misalignment
Warning skip check of Details due to misalignment
Warning skip check of EventNamespace due to misalignment
Warning skip check of Name due to misalignment
Warning skip check of Query due to misalignment
Warning skip check of Name due to misalignment
Warning skip check of Type due to misalignment
Warning skip check of Destination due to misalignment
Warning skip check of Image due to misalignment
Warning skip check of TargetFilename due to misalignment
Warning skip check of Hashes due to misalignment
Warning skip check of Archived due to misalignment
Warning skip check of Path due to misalignment
Warning skip check of Details due to misalignment
Warning skip check of EventNamespace due to misalignment
Warning skip check of Name due to misalignment
Warning skip check of Query due to misalignment
Warning skip check of Name due to misalignment
Warning skip check of Type due to misalignment
Warning skip check of Destination due to misalignment
Warning skip check of Image due to misalignment
Warning skip check of TargetFilename due to misalignment
Warning skip check of Hashes due to misalignment
Warning skip check of Archived due to misalignment
Warning skip check of Path due to misalignment
Warning skip check of Details due to misalignment
Warning skip check of EventNamespace due to misalignment
Warning skip check of Name due to misalignment
Warning skip check of Query due to misalignment
Warning skip check of Name due to misalignment
Warning skip check of Type due to misalignment
Warning skip check of Destination due to misalignment
Warning skip check of Image due to misalignment
Warning skip check of TargetFilename due to misalignment
Warning skip check of Hashes due to misalignment
Warning skip check of Archived due to misalignment
Warning skip check of Path due to misalignment
Warning skip check of CommandLine due to misalignment
Warning skip check of CurrentDirectory due to misalignment
Warning skip check of User due to misalignment
Warning skip check of LogonGuid due to misalignment
Warning skip check of LogonId due to misalignment
Warning skip check of TerminalSessionId due to misalignment
Warning skip check of IntegrityLevel due to misalignment
Warning skip check of Hashes due to misalignment
Warning skip check of ParentProcessGuid due to misalignment
Warning skip check of ParentProcessId due to misalignment
Warning skip check of ParentImage due to misalignment
Warning skip check of ParentCommandLine due to misalignment
Warning skip check of Hashes due to misalignment
Warning skip check of Signed due to misalignment
Warning skip check of Signature due to misalignment
Warning skip check of SignatureStatus due to misalignment
Warning skip check of Details due to misalignment
Warning skip check of UtcTime due to misalignment
Warning skip check of ProcessGuid due to misalignment
Warning skip check of ProcessId due to misalignment
Warning skip check of PipeName due to misalignment
Warning skip check of Image due to misalignment
Warning skip check of UtcTime due to misalignment
Warning skip check of ProcessGuid due to misalignment
Warning skip check of ProcessId due to misalignment
Warning skip check of PipeName due to misalignment
Warning skip check of Image due to misalignment
Warning skip check of EventNamespace due to misalignment
Warning skip check of Name due to misalignment
Warning skip check of Query due to misalignment
Warning skip check of Name due to misalignment
Warning skip check of Type due to misalignment
Warning skip check of Destination due to misalignment
Warning skip check of Image due to misalignment
Warning skip check of TargetFilename due to misalignment
Warning skip check of Hashes due to misalignment
Warning skip check of Archived due to misalignment
Warning skip check of Path due to misalignment
Warning skip check of CommandLine due to misalignment
Warning skip check of CurrentDirectory due to misalignment
Warning skip check of User due to misalignment
Warning skip check of LogonGuid due to misalignment
Warning skip check of LogonId due to misalignment
Warning skip check of TerminalSessionId due to misalignment
Warning skip check of IntegrityLevel due to misalignment
Warning skip check of Hashes due to misalignment
Warning skip check of ParentProcessGuid due to misalignment
Warning skip check of ParentProcessId due to misalignment
Warning skip check of ParentImage due to misalignment
Warning skip check of ParentCommandLine due to misalignment
Warning skip check of Hashes due to misalignment
Warning skip check of Signed due to misalignment
Warning skip check of Signature due to misalignment
Warning skip check of SignatureStatus due to misalignment
Warning skip check of Details due to misalignment
Warning skip check of UtcTime due to misalignment
Warning skip check of ProcessGuid due to misalignment
Warning skip check of ProcessId due to misalignment
Warning skip check of PipeName due to misalignment
Warning skip check of Image due to misalignment
Warning skip check of UtcTime due to misalignment
Warning skip check of ProcessGuid due to misalignment
Warning skip check of ProcessId due to misalignment
Warning skip check of PipeName due to misalignment
Warning skip check of Image due to misalignment
Warning skip check of EventNamespace due to misalignment
Warning skip check of Name due to misalignment
Warning skip check of Query due to misalignment
Warning skip check of Name due to misalignment
Warning skip check of Type due to misalignment
Warning skip check of Destination due to misalignment
Warning skip check of Image due to misalignment
Warning skip check of TargetFilename due to misalignment
Warning skip check of Hashes due to misalignment
Warning skip check of Archived due to misalignment
Warning skip check of Path due to misalignment
Warning skip check of UtcTime due to misalignment
Warning skip check of ProcessGuid due to misalignment
Warning skip check of ProcessId due to misalignment
Warning skip check of Image due to misalignment
Warning skip check of FileVersion due to misalignment
Warning skip check of Description due to misalignment
Warning skip check of Product due to misalignment
Warning skip check of Company due to misalignment
Warning skip check of CommandLine due to misalignment
Warning skip check of CurrentDirectory due to misalignment
Warning skip check of User due to misalignment
Warning skip check of LogonGuid due to misalignment
Warning skip check of LogonId due to misalignment
Warning skip check of TerminalSessionId due to misalignment
Warning skip check of IntegrityLevel due to misalignment
Warning skip check of Hashes due to misalignment
Warning skip check of ParentProcessGuid due to misalignment
Warning skip check of ParentProcessId due to misalignment
Warning skip check of ParentImage due to misalignment
Warning skip check of ParentCommandLine due to misalignment
Warning skip check of UtcTime due to misalignment
Warning skip check of ProcessGuid due to misalignment
Warning skip check of ProcessId due to misalignment
Warning skip check of Image due to misalignment
Warning skip check of TargetFilename due to misalignment
Warning skip check of CreationUtcTime due to misalignment
Warning skip check of PreviousCreationUtcTime due to misalignment
Warning skip check of UtcTime due to misalignment
Warning skip check of ProcessGuid due to misalignment
Warning skip check of ProcessId due to misalignment
Warning skip check of Image due to misalignment
Warning skip check of User due to misalignment
Warning skip check of Protocol due to misalignment
Warning skip check of Initiated due to misalignment
Warning skip check of SourceIsIpv6 due to misalignment
Warning skip check of SourceIp due to misalignment
Warning skip check of SourceHostname due to misalignment
Warning skip check of SourcePort due to misalignment
Warning skip check of SourcePortName due to misalignment
Warning skip check of DestinationIsIpv6 due to misalignment
Warning skip check of DestinationIp due to misalignment
Warning skip check of DestinationHostname due to misalignment
Warning skip check of DestinationPort due to misalignment
Warning skip check of DestinationPortName due to misalignment
Warning skip check of UtcTime due to misalignment
Warning skip check of ProcessGuid due to misalignment
Warning skip check of ProcessId due to misalignment
Warning skip check of Image due to misalignment
Warning skip check of UtcTime due to misalignment
Warning skip check of ImageLoaded due to misalignment
Warning skip check of Hashes due to misalignment
Warning skip check of Signed due to misalignment
Warning skip check of Signature due to misalignment
Warning skip check of SignatureStatus due to misalignment
Warning skip check of UtcTime due to misalignment
Warning skip check of ProcessGuid due to misalignment
Warning skip check of ProcessId due to misalignment
Warning skip check of Image due to misalignment
Warning skip check of ImageLoaded due to misalignment
Warning skip check of FileVersion due to misalignment
Warning skip check of Description due to misalignment
Warning skip check of Product due to misalignment
Warning skip check of Company due to misalignment
Warning skip check of Hashes due to misalignment
Warning skip check of Signed due to misalignment
Warning skip check of Signature due to misalignment
Warning skip check of SignatureStatus due to misalignment
Warning skip check of UtcTime due to misalignment
Warning skip check of SourceProcessGuid due to misalignment
Warning skip check of SourceProcessId due to misalignment
Warning skip check of SourceImage due to misalignment
Warning skip check of TargetProcessGuid due to misalignment
Warning skip check of TargetProcessId due to misalignment
Warning skip check of TargetImage due to misalignment
Warning skip check of NewThreadId due to misalignment
Warning skip check of StartAddress due to misalignment
Warning skip check of StartModule due to misalignment
Warning skip check of StartFunction due to misalignment
Warning skip check of UtcTime due to misalignment
Warning skip check of ProcessGuid due to misalignment
Warning skip check of ProcessId due to misalignment
Warning skip check of Image due to misalignment
Warning skip check of Device due to misalignment
Warning skip check of UtcTime due to misalignment
Warning skip check of SourceProcessGUID due to misalignment
Warning skip check of SourceProcessId due to misalignment
Warning skip check of SourceThreadId due to misalignment
Warning skip check of SourceImage due to misalignment
Warning skip check of TargetProcessGUID due to misalignment
Warning skip check of TargetProcessId due to misalignment
Warning skip check of TargetImage due to misalignment
Warning skip check of GrantedAccess due to misalignment
Warning skip check of CallTrace due to misalignment
Warning skip check of UtcTime due to misalignment
Warning skip check of ProcessGuid due to misalignment
Warning skip check of ProcessId due to misalignment
Warning skip check of Image due to misalignment
Warning skip check of TargetFilename due to misalignment
Warning skip check of CreationUtcTime due to misalignment
Warning skip check of EventType due to misalignment
Warning skip check of UtcTime due to misalignment
Warning skip check of ProcessGuid due to misalignment
Warning skip check of ProcessId due to misalignment
Warning skip check of Image due to misalignment
Warning skip check of TargetObject due to misalignment
Warning skip check of EventType due to misalignment
Warning skip check of UtcTime due to misalignment
Warning skip check of ProcessGuid due to misalignment
Warning skip check of ProcessId due to misalignment
Warning skip check of Image due to misalignment
Warning skip check of TargetObject due to misalignment
Warning skip check of Details due to misalignment
Warning skip check of EventType due to misalignment
Warning skip check of UtcTime due to misalignment
Warning skip check of ProcessGuid due to misalignment
Warning skip check of ProcessId due to misalignment
Warning skip check of Image due to misalignment
Warning skip check of TargetObject due to misalignment
Warning skip check of NewName due to misalignment
Warning skip check of UtcTime due to misalignment
Warning skip check of ProcessGuid due to misalignment
Warning skip check of ProcessId due to misalignment
Warning skip check of Image due to misalignment
Warning skip check of TargetFilename due to misalignment
Warning skip check of CreationUtcTime due to misalignment
Warning skip check of Hash due to misalignment
Warning skip check of UtcTime due to misalignment
Warning skip check of ProcessGuid due to misalignment
Warning skip check of ProcessId due to misalignment
Warning skip check of PipeName due to misalignment
Warning skip check of Image due to misalignment
Warning skip check of UtcTime due to misalignment
Warning skip check of ProcessGuid due to misalignment
Warning skip check of ProcessId due to misalignment
Warning skip check of PipeName due to misalignment
Warning skip check of Image due to misalignment
Warning skip check of EventType due to misalignment
Warning skip check of UtcTime due to misalignment
Warning skip check of Operation due to misalignment
Warning skip check of User due to misalignment
Warning skip check of EventNamespace due to misalignment
Warning skip check of Name due to misalignment
Warning skip check of Query due to misalignment
Warning skip check of EventType due to misalignment
Warning skip check of UtcTime due to misalignment
Warning skip check of Operation due to misalignment
Warning skip check of User due to misalignment
Warning skip check of Name due to misalignment
Warning skip check of Type due to misalignment
Warning skip check of Destination due to misalignment
Warning skip check of EventType due to misalignment
Warning skip check of UtcTime due to misalignment
Warning skip check of Operation due to misalignment
Warning skip check of User due to misalignment
Warning skip check of Consumer due to misalignment
Warning skip check of Filter due to misalignment
Warning skip check of UtcTime due to misalignment
Warning skip check of ProcessGuid due to misalignment
Warning skip check of ProcessId due to misalignment
Warning skip check of Image due to misalignment
Warning skip check of TargetFilename due to misalignment
Warning skip check of Hashes due to misalignment
Warning skip check of Archived due to misalignment
Warning skip check of UtcTime due to misalignment
Warning skip check of ProcessGuid due to misalignment
Warning skip check of ProcessId due to misalignment
Warning skip check of Image due to misalignment
Warning skip check of Session due to misalignment
Warning skip check of ClientInfo due to misalignment
Warning skip check of Hashes due to misalignment
Warning skip check of Path due to misalignment
Warning skip check of Archived due to misalignment
[  6%] Converting sysmonevents.h.utf16 to UTF8
[  7%] Converting sysmonmsg.mc.utf16 to UTF8
[  8%] Extracting sysmonmsg.h from sysmonmsg.mc
[  9%] Extracting sysmonmsgop.h from sysmonmsgop.man
Scanning dependencies of target sysmonLogView
[ 10%] Building CXX object CMakeFiles/sysmonLogView.dir/sysmonLogView/sysmonLogView.cpp.o
[ 11%] Building C object CMakeFiles/sysmonLogView.dir/sysmonLogView/sysmonGetEventName.c.o
[ 12%] Building C object CMakeFiles/sysmonLogView.dir/sysmonmsgop.c.o
[ 13%] Linking CXX executable sysmonLogView
[ 13%] Built target sysmonLogView
[ 13%] Built target sysmonEBPFkern5.3-5.5
[ 15%] Building C object CMakeFiles/checkEBPFsizes.dir/checkEBPFsizes/checkEBPFsizes.c.o
[ 16%] Linking C executable checkEBPFsizes
[ 16%] Built target checkEBPFsizes
[ 17%] Building C object CMakeFiles/mysleep.dir/test/mysleep.c.o
[ 18%] Linking C executable mysleep
[ 18%] Built target mysleep
[ 19%] Packing manifest.xml into manifest.xml.o
[ 20%] Building EBPF object sysmonEBPFkern4.15.o
In file included from /root/SysmonForLinux/ebpfKern/sysmonEBPFkern4.15.c:36:
In file included from /root/SysmonForLinux/ebpfKern/sysmonGenericEntry_tp.c:35:
In file included from /root/SysmonForLinux/ebpfKern/sysmonEBPF_common.h:34:
In file included from /opt/sysinternalsEBPF/ebpfKern/sysinternalsEBPF_common.h:34:
/usr/include/stdint.h:26:10: fatal error: 'bits/libc-header-start.h' file not found
#include <bits/libc-header-start.h>
         ^~~~~~~~~~~~~~~~~~~~~~~~~~
1 error generated.
[ 21%] Packing sysmonEBPFkern4.15.o into sysmonEBPFkern4.15.o.o
[ 22%] Building EBPF object sysmonEBPFkern4.16.o
In file included from /root/SysmonForLinux/ebpfKern/sysmonEBPFkern4.16.c:36:
In file included from /root/SysmonForLinux/ebpfKern/sysmonGenericEntry_tp.c:35:
In file included from /root/SysmonForLinux/ebpfKern/sysmonEBPF_common.h:34:
In file included from /opt/sysinternalsEBPF/ebpfKern/sysinternalsEBPF_common.h:34:
/usr/include/stdint.h:26:10: fatal error: 'bits/libc-header-start.h' file not found
#include <bits/libc-header-start.h>
         ^~~~~~~~~~~~~~~~~~~~~~~~~~
1 error generated.
[ 23%] Packing sysmonEBPFkern4.16.o into sysmonEBPFkern4.16.o.o
[ 24%] Building EBPF object sysmonEBPFkern4.17-5.1.o
In file included from /root/SysmonForLinux/ebpfKern/sysmonEBPFkern4.17-5.1.c:36:
In file included from /root/SysmonForLinux/ebpfKern/sysmonGenericEntry_rawtp.c:31:
In file included from /root/SysmonForLinux/ebpfKern/sysmonEBPF_common.h:34:
In file included from /opt/sysinternalsEBPF/ebpfKern/sysinternalsEBPF_common.h:34:
/usr/include/stdint.h:26:10: fatal error: 'bits/libc-header-start.h' file not found
#include <bits/libc-header-start.h>
         ^~~~~~~~~~~~~~~~~~~~~~~~~~
1 error generated.
[ 25%] Packing sysmonEBPFkern4.17-5.1.o into sysmonEBPFkern4.17-5.1.o.o
[ 26%] Building EBPF object sysmonEBPFkern5.2.o
In file included from /root/SysmonForLinux/ebpfKern/sysmonEBPFkern5.2.c:35:
In file included from /root/SysmonForLinux/ebpfKern/sysmonGenericEntry_rawtp.c:31:
In file included from /root/SysmonForLinux/ebpfKern/sysmonEBPF_common.h:34:
In file included from /opt/sysinternalsEBPF/ebpfKern/sysinternalsEBPF_common.h:34:
/usr/include/stdint.h:26:10: fatal error: 'bits/libc-header-start.h' file not found
#include <bits/libc-header-start.h>
         ^~~~~~~~~~~~~~~~~~~~~~~~~~
1 error generated.
[ 27%] Packing sysmonEBPFkern5.2.o into sysmonEBPFkern5.2.o.o
[ 29%] Building EBPF object sysmonEBPFkern5.3-5.5.o
In file included from /root/SysmonForLinux/ebpfKern/sysmonEBPFkern5.3-5.5.c:33:
In file included from /root/SysmonForLinux/ebpfKern/sysmonGenericEntry_rawtp.c:31:
In file included from /root/SysmonForLinux/ebpfKern/sysmonEBPF_common.h:34:
In file included from /opt/sysinternalsEBPF/ebpfKern/sysinternalsEBPF_common.h:34:
/usr/include/stdint.h:26:10: fatal error: 'bits/libc-header-start.h' file not found
#include <bits/libc-header-start.h>
         ^~~~~~~~~~~~~~~~~~~~~~~~~~
1 error generated.
[ 30%] Packing sysmonEBPFkern5.3-5.5.o into sysmonEBPFkern5.3-5.5.o.o
[ 31%] Building EBPF object sysmonEBPFkern5.6-.o
In file included from /root/SysmonForLinux/ebpfKern/sysmonEBPFkern5.6-.c:33:
In file included from /root/SysmonForLinux/ebpfKern/sysmonGenericEntry_rawtp.c:31:
In file included from /root/SysmonForLinux/ebpfKern/sysmonEBPF_common.h:34:
In file included from /opt/sysinternalsEBPF/ebpfKern/sysinternalsEBPF_common.h:34:
/usr/include/stdint.h:26:10: fatal error: 'bits/libc-header-start.h' file not found
#include <bits/libc-header-start.h>
         ^~~~~~~~~~~~~~~~~~~~~~~~~~
1 error generated.
[ 32%] Packing sysmonEBPFkern5.6-.o into sysmonEBPFkern5.6-.o.o
[ 33%] Packing sysmonLogView into sysmonLogView.o
[ 34%] Copying sysmon.d
[ 35%] Packing sysmon.d into sysmon.d.o
[ 36%] Copying sysmon.service
[ 37%] Packing sysmon.service into sysmon.service.o
[ 38%] Checking sysmonEBPFkern4.15.o

eBPF Program Sizes: (max 4096)


[ 39%] Checking sysmonEBPFkern4.16.o

eBPF Program Sizes: (max 4096)


[ 40%] Checking sysmonEBPFkern4.17-5.1.o

eBPF Program Sizes: (max 4096)


[ 41%] Checking sysmonEBPFkern5.2.o

eBPF Program Sizes: (max 32768)


[ 43%] Checking sysmonEBPFkern5.3-5.5.o

eBPF Program Sizes: (max 32768)


[ 44%] Checking sysmonEBPFkern5.6-.o

eBPF Program Sizes: (max 32768)


Scanning dependencies of target sysmon
[ 45%] Building C object CMakeFiles/sysmon.dir/sysmonforlinux.c.o
/root/SysmonForLinux/sysmonforlinux.c:100:6: error: ‘__NR_creat’ undeclared here (not in a function)
  100 |     {__NR_creat, "sysmon/FileCreate/exit"},
      |      ^~~~~~~~~~
/root/SysmonForLinux/sysmonforlinux.c:101:6: error: ‘__NR_open’ undeclared here (not in a function)
  101 |     {__NR_open, "sysmon/FileOpen/exit"},
      |      ^~~~~~~~~
/root/SysmonForLinux/sysmonforlinux.c:103:6: error: ‘__NR_unlink’ undeclared here (not in a function)
  103 |     {__NR_unlink, "sysmon/FileDelete/exit"},
      |      ^~~~~~~~~~~
make[2]: *** [CMakeFiles/sysmon.dir/build.make:520: CMakeFiles/sysmon.dir/sysmonforlinux.c.o] Error 1
make[1]: *** [CMakeFiles/Makefile2:252: CMakeFiles/sysmon.dir/all] Error 2
make: *** [Makefile:103: all] Error 2