How to install Microsoft's Procmon on Ubuntu Server 18.04

If you're a Windows admin migrating to Linux in your data centers, you'll be happy to know Procmon is now available to install on Ubuntu Server. Jack Wallen shows you how.


The Procmon command is a tool, usually found on Windows, that displays real-time data from the Registry, as well as process and thread activity. This process monitor's features include:

  • Configurability

  • Non-destructive filters

  • Thread stack and process detail capture

  • Boot time operation logging

It should come as no surprise to anyone (who's been paying attention) that the Windows Procmon command has come over to the Linux platform, which could be a real boon for your data center. At the moment, the tool is only available for Ubuntu 18.04 running kernels between 4.178 and 5.3, and it requires CMake 3.14 or newer and libsqlite3-dev 3.22 or newer.

I want to walk you through the process of installing Procmon on Ubuntu Server 18.04. 


What you'll need

  • A running instance of Ubuntu Server 18.04

  • A user with sudo privileges

How to install the dependencies

In order to successfully install Procmon, you'll need to first install the necessary dependencies. Log in to your server, open a terminal window, and issue the command:

sudo apt-get install bison build-essential flex git libedit-dev libllvm6.0 llvm-6.0-dev libclang-6.0-dev python zlib1g-dev libelf-dev cmake -y

Next we need to build bcc. For this we'll turn to git. Clone the bcc source with the command:

git clone --branch tag_v0.10.0 https://github.com/iovisor/bcc.git

Next, create a build directory with the command:

mkdir bcc/build

Change into the new directory with the command:

cd bcc/build

Configure the build with the command:

cmake .. -DCMAKE_INSTALL_PREFIX=/usr

When the above command completes, compile the source with the command:

make

The above command will take considerable time to complete (5-20 minutes, depending on the speed of your hardware). Finally, install bcc with the command:

sudo make install

How to install the latest version of CMake

We now need to install CMake version 3.14. The easiest way to do that is via snap. First, remove the current version of CMake and clear the shell's cached command paths with the commands:

sudo apt-get remove --purge cmake -y
hash -r

Install the latest version of CMake with the command:

sudo snap install cmake --classic

Once that completes, you can continue on with building Procmon.

How to build Procmon

We can now clone Procmon and build it. Clone the source with the command:

git clone https://github.com/Microsoft/Procmon-for-Linux

Change into the newly-created directory with the command:

cd Procmon-for-Linux

Create a build directory with the command:

mkdir build

Change into that newly created directory with the command:

cd build

Configure and compile with the following two commands:

cmake ..
make

Build the package with the command:

cpack ..

Finally, install Procmon with the command:

sudo dpkg -i procmon*.deb

When the installation completes, you can begin running Procmon. For example, you could follow all processes and system calls with the command:

sudo procmon

And that's all there is to installing the Microsoft Procmon command on Ubuntu Server 18.04. For those admins who have used Procmon in the past, you now have a familiar tool in your Linux toolkit.
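
A preflight check for the requirements listed near the top of this article, meant to be run after the CMake step and before building Procmon. It is an added example, not part of the original article or the Procmon project; the function names are assumptions, and the kernel range is passed in as two arguments rather than hard-coded.

```sh
#!/bin/sh
# Added example: preflight check of the prerequisites listed in this article.
# Function names and the KMIN/KMAX arguments are assumptions of this sketch.

# first_version TEXT: print the first dotted number in TEXT, e.g. "3.10.2".
first_version() {
    printf '%s\n' "$1" | grep -oE '[0-9]+(\.[0-9]+)+' | head -n 1
}

# ver_ge A B: succeed when dotted version A >= B (ordering from sort -V).
# An empty A (tool or package not installed) always fails.
ver_ge() {
    [ "$(printf '%s\n%s\n' "$2" "$1" | sort -V | head -n 1)" = "$2" ]
}

# kernel_in_range RELEASE KMIN KMAX: compare the major.minor part of a
# `uname -r` string such as "4.15.0-112-generic" with an inclusive range.
kernel_in_range() {
    mm=$(printf '%s\n' "$1" | sed -nE 's/^([0-9]+\.[0-9]+).*/\1/p')
    [ -n "$mm" ] && ver_ge "$mm" "$2" && ver_ge "$3" "$mm"
}

# preflight KMIN KMAX: print each unmet requirement; return 1 if any failed.
preflight() {
    rc=0
    os=$( . /etc/os-release 2>/dev/null; echo "${ID:-} ${VERSION_ID:-}" )
    cmv=$(first_version "$(cmake --version 2>/dev/null)")
    sqv=$(first_version "$(dpkg-query -W -f='${Version}' libsqlite3-dev 2>/dev/null)")
    [ "$os" = "ubuntu 18.04" ] || { echo "FAIL: OS is '$os', not Ubuntu 18.04"; rc=1; }
    kernel_in_range "$(uname -r)" "$1" "$2" ||
        { echo "FAIL: kernel $(uname -r) outside $1-$2"; rc=1; }
    ver_ge "$cmv" 3.14 || { echo "FAIL: cmake '$cmv' < 3.14"; rc=1; }
    ver_ge "$sqv" 3.22 || { echo "FAIL: libsqlite3-dev '$sqv' < 3.22"; rc=1; }
    return "$rc"
}

# Run only when a kernel range is supplied: sh preflight.sh KMIN KMAX
if [ "$#" -eq 2 ]; then
    preflight "$1" "$2" && echo "OK: prerequisites met"
fi
```

libsqlite3-dev is not named in the dependency command above, so the check reports it when it is missing.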
