Open ohault opened 1 month ago
Any reason NOT to use SysInternals ProcMon?
SysInternals ProcMon for Windows is currently not under an open-source model, whereas the Linux version is.
There is also https://github.com/progmboy/openprocmon
The key principle here would be to start by decoupling event capture on the systems to monitor from the tools that leverage these events (UI, logging, ...).
With SysInternals ProcMon for Linux, such a split would probably be in progress.
From there, the systems to monitor could be Linux, Windows, ..., and communication between backends and frontend could be local, remote over the network, or via Virtual Machine Introspection.
In addition to the main views about processes, services, devices, ..., historical views fed by "loggers" could be a very nice complement.
Do you remember regmon, filemon, ...?