Something that is really cool about Sysinternals tools is that they have a pretty usable GUI (granted, once you understand what each UI icon does). Mimicking this experience in the TUI/terminal would certainly be a challenge. I would love to have a Procmon and ProcessExplorer equivalent with the GUI on Linux and macOS.
I always thought of the Sysinternals tools as the missing tools that just ship with Unix systems.
Without them, there was no real visibility into open file descriptors, network ports, command lines for running processes, thread trees for processes or any of the rest.
The GUI was always just the Windows way of presenting it. Bringing a GUI when the rich tools already exist on Linux seems ... redundant?
(Seeing this brings back nightmares from Windows admins who refused to install Sysinternals tools on production machines.)
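As an added illustration of the point above (not code from any commenter or from the ProcMon-for-Linux project), here is where the Linux tools get that visibility: `lsof`, `ss`, `ps` and `pstree` all read `/proc`. The functions below pull open file descriptors, the command line, the thread list and the owning process of each listening TCP socket straight from a `/proc`-style tree. The tree is a parameter, and the block builds a constructed fake one (the `demod` process, pid 4242 and inode numbers are made up) so it runs offline; pointing `proc_root` at the real `/proc` works the same way. It assumes a little-endian host for the `/proc/net/tcp` address decoding.

```python
"""Per-process visibility from /proc: fds, cmdline, threads, listening sockets.

Added example, not from the thread or the ProcMon-for-Linux project.
The fake tree built by build_fake_proc() is constructed data.
"""
import os
import socket
import tempfile


def read_cmdline(proc_root, pid):
    """/proc/<pid>/cmdline is NUL-separated argv (what `ps` shows)."""
    with open(f"{proc_root}/{pid}/cmdline", "rb") as f:
        return [a.decode(errors="replace") for a in f.read().split(b"\0") if a]


def list_fds(proc_root, pid):
    """/proc/<pid>/fd/<n> are symlinks to the open object (what `lsof -p` shows).
    Reading another user's fd table needs root or ptrace-read access."""
    fd_dir = f"{proc_root}/{pid}/fd"
    out = {}
    for name in sorted(os.listdir(fd_dir), key=int):
        try:
            out[int(name)] = os.readlink(f"{fd_dir}/{name}")
        except OSError:
            out[int(name)] = "?"  # fd closed between listdir and readlink
    return out


def list_threads(proc_root, pid):
    """/proc/<pid>/task/ holds one entry per thread (what `ps -L` / pstree -t use)."""
    return sorted(int(t) for t in os.listdir(f"{proc_root}/{pid}/task"))


def parse_tcp_listeners(proc_root):
    """Parse /proc/net/tcp (what `ss -ltn` reads). State 0A is LISTEN; the
    IPv4 address is hex in host byte order, so reverse it on little-endian."""
    listeners = []
    with open(f"{proc_root}/net/tcp") as f:
        next(f)  # column header line
        for line in f:
            fields = line.split()
            local, state, inode = fields[1], fields[3], fields[9]
            if state != "0A":
                continue
            ip_hex, port_hex = local.split(":")
            ip = socket.inet_ntoa(bytes.fromhex(ip_hex)[::-1])  # assumes little-endian host
            listeners.append((ip, int(port_hex, 16), int(inode)))
    return listeners


def socket_owners(proc_root):
    """Map socket inode -> (pid, fd) by scanning every process's fd table;
    this join is how lsof/ss -p attribute a socket to a process."""
    owners = {}
    for name in os.listdir(proc_root):
        if not name.isdigit():
            continue
        try:
            fds = list_fds(proc_root, int(name))
        except OSError:
            continue  # process exited mid-scan, or not permitted to read its fds
        for fd, target in fds.items():
            if target.startswith("socket:["):
                owners[int(target[len("socket:["):-1])] = (int(name), fd)
    return owners


def listening_report(proc_root):
    """(ip, port, pid, argv[0]) for every listening TCP socket; pid is None
    when the owning fd table could not be read."""
    owners = socket_owners(proc_root)
    rows = []
    for ip, port, inode in parse_tcp_listeners(proc_root):
        pid, _fd = owners.get(inode, (None, None))
        cmd = read_cmdline(proc_root, pid)[0] if pid is not None else "?"
        rows.append((ip, port, pid, cmd))
    return rows


def build_fake_proc():
    """Constructed /proc-style tree: one two-thread daemon listening on :8080."""
    root = tempfile.mkdtemp(prefix="fakeproc-")
    pid = 4242
    os.makedirs(f"{root}/{pid}/fd")
    os.makedirs(f"{root}/{pid}/task/{pid}")
    os.makedirs(f"{root}/{pid}/task/{pid + 1}")
    os.makedirs(f"{root}/net")
    with open(f"{root}/{pid}/cmdline", "wb") as f:
        f.write(b"\0".join([b"/usr/sbin/demod", b"--listen", b"0.0.0.0:8080"]) + b"\0")
    for fd, target in {0: "/dev/null", 1: "/var/log/demod.log", 3: "socket:[77001]"}.items():
        os.symlink(target, f"{root}/{pid}/fd/{fd}")
    with open(f"{root}/net/tcp", "w") as f:
        f.write("  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode\n")
        f.write("   0: 00000000:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 77001 1 0000000000000000 100 0 0 10 0\n")
        f.write("   1: 0100007F:0016 0100007F:C350 01 00000000:00000000 00:00000000 00000000     0        0 77002 1 0000000000000000 20 4 30 10 -1\n")
    return root, pid


if __name__ == "__main__":
    root, pid = build_fake_proc()
    print("fake tree:", read_cmdline(root, pid), list_fds(root, pid), list_threads(root, pid))
    print("listeners:", listening_report(root))
    if os.path.isdir("/proc/net"):
        print("live listeners:", listening_report("/proc"))  # needs root to attribute other users' sockets
```

The established connection on the second `/proc/net/tcp` line (state 01) is deliberately skipped, and a listener whose owner's fd table is unreadable comes back with `pid=None` rather than an error, which is exactly the gap you see when running `ss -ltnp` unprivileged.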
It's not quite inspired by the Sysinternals tools, but I'm working on something like this for macOS. An early beta should be released soon™ (read: when I stop procrastinating on polishing some of the last important bits I want to finish before then).
I'm not familiar with the Windows version of ProcMon, but judging by the Linux version, that looks like it's primarily replicating the function of `strace` in a CLI GUI.
It's not quite strace, ProcMon also does network traffic stuff too. I used it quite a bit when my job was trying to shove proprietary (usually academic, usually engineering-related) software installers into a shape that we could make silently install. ProcMon was one of our first resorts whenever an installer would inevitably mysteriously crash when it ran inside an SCCM-managed installation of Windows. Which. Was. OFTEN.
Sorry, it's been over a decade now and I still have nightmares sometimes. But yeah procmon is cool.
Yes, ProcMon is the Windows equivalent of strace, with some filtering capability built-in. It also shows you the stack involved with a particular event, which can be useful for diagnosing the otherwise black box that is Windows. Eg [1]
Original ProcMon used ETW, Event Tracing for Windows; the analogous technology (although very different in style) on Linux is eBPF so that’s what this tool uses.
Sorta related: If y’all haven’t used netdata - wow - it blew my socks off last night. I have it installed on all my hosts now and it’s already helping me diagnose a redis bgsave issue that I didn’t realize existed. Really well put together software.
Why do you think most people don't know about netdata and stick with the "status quo" of gathering data -> timeseries db -> manually creating dashboards & configure alerts?
Which useful feature does this tool have that htop does not have?
Let's say there is such a feature. Why did they not implement it in htop? Made a patch and offered it to upstream? This is why we have FOSS. To benefit from each other's work.
Yeah, if you have a modern distribution, look elsewhere. For a "preview" release it's interesting that they're only targeting older distros - maybe they're focused on enterprise use.
While I see a lot of comparisons to htop, I wonder how this compares to sysdig? I’ve found sysdig to be an invaluable swiss army knife of debugging performance issues; the only difficult part is finding the right documentation among the cloud offering of the same name.
I've been looking at a few eBPF tracing implementations around GitHub recently to try and get my head round it, and this codebase has to be one of the best documented (if not best written) examples out there. Kudos.
Even though I basically never use procmon on Windows, Sysinternals on Linux could be useful, especially with the same GUI as on Windows. It would be great to see autoruns and tcpview on Linux.
Seemingly because they download and build bcc as part of the build process. As to why they do that... probably because the three year old distro they're targeting has a three year old version of bcc.
alpb|4 years ago
a-dub|4 years ago
saagarjha|4 years ago
jxf|4 years ago
Worth reading Joe Damato's excellent article on strace: https://blog.packagecloud.io/eng/2016/02/29/how-does-strace-...
atomicnumber3|4 years ago
Arnavion|4 years ago
[1]: https://github.com/msys2/MSYS2-packages/issues/138#issuecomm...
bboreham|4 years ago
stefan_|4 years ago
unixhero|4 years ago
whalesalad|4 years ago
odyslam|4 years ago
I am odysseas, DevRel at Netdata. I would love to hear your story and what Netdata helped you diagnose in your systems.
Hit me up (odyslam) in our forums: https://community.netdata.cloud
PanosJee|4 years ago
agucova|4 years ago
I know htop can strace processes with the "s" key.
snickerer|4 years ago
gtirloni|4 years ago
Bug report: https://github.com/Sysinternals/ProcMon-for-Linux/issues/44
JeremyNT|4 years ago
mnutt|4 years ago
boomskats|4 years ago
Grayskull|4 years ago
unixhero|4 years ago
This looks like an amazing tool, can't wait to begin using it.
sloshnmosh|4 years ago
rishabhd|4 years ago
throwaway823882|4 years ago
aasasd|4 years ago
superkuh|4 years ago
nemetroid|4 years ago
mraza007|4 years ago