SysmonForLinux icon indicating copy to clipboard operation
SysmonForLinux copied to clipboard

Published 20 hours ago verified publisher icon Sysinternals

Fedora-version of sysmonforlinux is failing (made for RHEL 8?)

Open karekaa opened this issue 8 months ago • 1 comments

Describe the issue We are using https://packages.microsoft.com/fedora/41/prod/ as source for among other packes, fetching sysmonforliux. This program is failing on an actual Fedora 41 Linux machine. The rpm package has actually an «.el8» postfix, hinting this was made under RHEL 8. When fetching a "rhel/9/" version - the same apply with an extension of «.el8», but this will actually run OK on a RHEL 9 machine.

Originally title: «sysmonforlinux at packages.microsoft.com/fedora/41/prod/Packages/s/ is made for RHEL 8» at: https://github.com/microsoft/linux-package-repositories/issues/211

When did the issue occur? 2025-04-01 (This is NOT a «april fools day» ticket ;-)

If applicable, what package did you attempt to install, and from which repo? sysmonforlinux from this repo: https://packages.microsoft.com/fedora/41/prod/Packages/s/

Steps to Reproduce

  1. Start with a «vanilla» Fedora 41
  2. Log in as root
  3. wget https://packages.microsoft.com/fedora/41/prod/Packages/s/
  4. grep sysmon index.html
  5. wget https://packages.microsoft.com/fedora/41/prod/Packages/s/sysmonforlinux-1.3.5-0.el8.x86_64.rpm
  6. dnf install -y sysmonforlinux-1.3.5-0.el8.x86_64.rpm
  7. systemctl status sysmon.service
  8. systemctl restart sysmon.service
  9. systemctl status sysmon.service

Actual Result

~ $ ssh hostwithfedora systemctl start sysmon.service 
Job for sysmon.service failed because the control process exited with error code.
See "systemctl status sysmon.service" and "journalctl -xeu sysmon.service" for details.
~ $ 
~ $ 
~ $ ssh hostwithfedora journalctl -xeu sysmon.service
Apr 01 04:28:16 hostwithfedora systemd[1]: sysmon.service: Control process exited, code=exited, status=12/n/a
░░ Subject: Unit process exited
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░ 
░░ An ExecStart= process belonging to unit sysmon.service has exited.
░░ 
░░ The process' exit code is 'exited' and its exit status is 12.
Apr 01 04:28:16 hostwithfedora systemd[1]: sysmon.service: Failed with result 'exit-code'.
░░ Subject: Unit failed
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░ 
░░ The unit sysmon.service has entered the 'failed' state with result 'exit-code'.
Apr 01 04:28:16 hostwithfedora systemd[1]: Failed to start sysmon.service - Sysmon event logger.
░░ Subject: A start job for unit sysmon.service has failed
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░ 
░░ A start job for unit sysmon.service has finished with a failure.
░░ 
░░ The job identifier is 1192376 and the job result is failed.
Apr 01 04:28:16 hostwithfedora systemd[1]: sysmon.service: Consumed 313ms CPU time, 96.5M memory peak.
░░ Subject: Resources consumed by unit runtime
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░ 
░░ The unit sysmon.service completed and consumed the indicated resources.
Apr 01 04:28:26 hostwithfedora systemd[1]: sysmon.service: Scheduled restart job, restart counter is at 5.
░░ Subject: Automatic restarting of a unit has been scheduled
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
░░ 
░░ Automatic restarting of the unit sysmon.service has been scheduled, as the result for
░░ the configured Restart= setting for the unit.
Apr 01 04:28:26 hostwithfedora systemd[1]: sysmon.service: Start request repeated too quickly.
Apr 01 04:28:26 hostwithfedora systemd[1]: sysmon.service: Failed with result 'exit-code'.
░░ Subject: Unit failed
░░ Defined-By: systemd
░░ Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel

Expected Result The sysmon service should have started flawlessly

Screenshots

Additional context The solution might be to compile the sysmonforlinux on a Fedora 41 platform, and build the rpm from there.

Note: Fedora 42 is coming quite soon (04/24/2025 ?) and is already available as Beta, so please make a working sysmonforlinux for:

  • RHEL 9
  • Fedora 41
  • Fedora 42
  • also soon to be release: RHEL 10

karekaa avatar Apr 02 '25 07:04 karekaa

Hi - thanks for reporting this. It looks like we have a packaging problem which needs to be addressed. In the meantime, you can build Sysmon for Linux on Fedora (I just fixed a bug that caused a startup failure on Fedora). As you may know, Sysmon depends on SysinternalsEBPF. You can install the version available on - https://packages.microsoft.com/fedora/40/prod/Packages/s/sysinternalsebpf-1.4.0-0.el8.x86_64.rpm

and then build Sysmon.

MarioHewardt avatar May 20 '25 21:05 MarioHewardt