If Sysmon fails during runtime, it will not restart until the server reboots. This will severely impact log collection from the endpoint. The stopped service can be detected and restarted using external tools, or by modifying the systemd service file after installation, but this requires implementation in each new environment where SysmonForLinux is implemented.
Suggested Solution
Add configuration to the systemd service definition to allow systemd to automatically attempt to restart the service in case of failure.
Issue
If Sysmon fails during runtime, it will not restart until the server reboots. This will severely impact log collection from the endpoint. The stopped service can be detected and restarted using external tools, or by modifying the systemd service file after installation, but this requires implementation in each new environment where SysmonForLinux is implemented.
Suggested Solution
Add configuration to the systemd service definition to allow systemd to automatically attempt to restart the service in case of failure.