Support for running Sysmon from CLI/interactive inside a container or AKS cluster #16
Assignees
Labels
enhancement
New feature or request
Comments
avwsolutions
changed the title
|
If you use '-i -service' then it won't attempt to install itself or configure systemd/initd. It will need the /opt/sysmon directory to already exist however. I will add a new switch that does the standard installation but without the systemd/initd part. Let me know in the mean time if '-service' helps in a container or AKS cluster. |
|
Hi @kesheldr was this new switch ever added? I am attempting to run Sysmon in a docker container and still facing this same issue of it requiring systemd even with using the ‘-i -service’ switches. Thanks! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Sysmon helps to extract a lot of information using EBPF. This also could work inside your Kubernetes (AKS Support) cluster. Currently the blocking issue is that we need to install sysmon with '-i' which tries to configure systemd. Systemd is not available in Docker.
It would be better to execute it as a CLI interactive tool, so we can run this inside a container, so we potentially can use this as daemonset on the AKS worker nodes to extract information what happens inside the cluster. Familiar use case is implemented within Falco.
The text was updated successfully, but these errors were encountered: