Sysmon

Windows 10

Flynn Weeks

January 31, 2022

Sysmon is a very useful Windows tool that provides additional, more detailed logs than the standard Windows event logs. To install it, visit https://docs.microsoft.com/en-us/sysinternals/ to get the newest version of Sysinternals.

This will download a zip file. Unzip the contents to a location of your choosing, then cd into the directory you unzipped the files to.

To install Sysmon, enter the command sysmon64.exe -accepteula -i (the -accepteula switch accepts the EULA and -i installs the Sysmon service on your machine). If you are running a 32-bit system, use sysmon.exe instead of sysmon64.exe.
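The download, unzip and install steps above, written out as a PowerShell script. This is an added example, not part of the original post: the direct zip URL (https://download.sysinternals.com/files/Sysmon.zip) and the working directory under $env:TEMP are assumptions you can change, and the script adds a signature check on the binary before it is run, which the post does not mention.

```powershell
# Added example (not from the original post): download the Sysinternals Sysmon
# package, unzip it, and install the service with the EULA accepted.
# Run from an elevated PowerShell session. The download URL and the working
# directory are assumptions; adjust them to your environment.
$ErrorActionPreference = 'Stop'

$ZipUrl  = 'https://download.sysinternals.com/files/Sysmon.zip'  # assumed direct download link
$WorkDir = Join-Path $env:TEMP 'Sysmon'                          # assumed working directory
$ZipPath = Join-Path $WorkDir 'Sysmon.zip'

New-Item -ItemType Directory -Path $WorkDir -Force | Out-Null
Invoke-WebRequest -Uri $ZipUrl -OutFile $ZipPath
Expand-Archive -Path $ZipPath -DestinationPath $WorkDir -Force

# Pick the binary that matches the OS architecture, as the post describes
# (sysmon64.exe on 64-bit Windows, sysmon.exe on 32-bit).
$Exe     = if ([Environment]::Is64BitOperatingSystem) { 'Sysmon64.exe' } else { 'Sysmon.exe' }
$ExePath = Join-Path $WorkDir $Exe

# Check the Authenticode signature before running a freshly downloaded binary.
$sig = Get-AuthenticodeSignature -FilePath $ExePath
if ($sig.Status -ne 'Valid' -or $sig.SignerCertificate.Subject -notlike '*Microsoft*') {
    throw "Refusing to run $ExePath: signature status $($sig.Status), signer $($sig.SignerCertificate.Subject)"
}

# Install: -accepteula accepts the licence, -i installs the driver and service.
& $ExePath -accepteula -i

# Confirm the service is running and the Operational log now exists.
Get-Service -Name $Exe.Replace('.exe', '') | Select-Object Name, Status
Get-WinEvent -ListLog 'Microsoft-Windows-Sysmon/Operational' | Select-Object LogName, RecordCount
```

Running -i without a configuration file installs Sysmon with its default rule set; a configuration can be supplied later with the -c switch, but that is outside the scope of this post.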

Sysmon logs can be viewed in Event Viewer, just like normal Windows logs. To view the Sysmon log, navigate to the Sysmon folder in Event Viewer, which can be found under the Windows folder.

Under the Sysmon folder there is an Operational log; this log holds the events generated by Sysmon.
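The same Operational log can be read from PowerShell instead of Event Viewer. The following is an added example, not code from the original post: it reads recent Event ID 1 (process creation) records with Get-WinEvent, unpacks the XML payload into the fields an analyst usually looks at first, and counts parent/child process pairs, which is a common first pass when reviewing Sysmon data. The log name Microsoft-Windows-Sysmon/Operational is the channel Sysmon registers; the field names come from Sysmon's Event ID 1 schema.

```powershell
# Added example (not from the original post): query the Sysmon Operational log
# and summarise process-creation events (Event ID 1). Run in an elevated
# session on a machine where Sysmon is installed and has been logging.
$LogName = 'Microsoft-Windows-Sysmon/Operational'

# Pull the most recent 500 process-creation events; adjust -MaxEvents as needed.
$events = Get-WinEvent -FilterHashtable @{ LogName = $LogName; Id = 1 } `
                       -MaxEvents 500 -ErrorAction SilentlyContinue

if (-not $events) {
    Write-Warning "No Event ID 1 records found in $LogName; is the Sysmon service running?"
    return
}

# Each Sysmon event stores its fields as <Data Name="..."> elements in the
# event XML; project the ones that matter most for a first look.
$rows = foreach ($e in $events) {
    $xml = [xml]$e.ToXml()
    $d = @{}
    foreach ($node in $xml.Event.EventData.Data) { $d[$node.Name] = $node.'#text' }
    [pscustomobject]@{
        Time        = $e.TimeCreated
        User        = $d['User']
        ParentImage = $d['ParentImage']
        Image       = $d['Image']
        CommandLine = $d['CommandLine']
        Hashes      = $d['Hashes']
    }
}

# Show the most recent events in full.
$rows | Select-Object -First 10 | Format-List

# Count parent/child image pairs. Frequent pairs are usually normal system
# activity; rare or unexpected pairs are a good place to start a review.
$rows | Group-Object ParentImage, Image | Sort-Object Count -Descending |
    Select-Object Count, Name -First 15 | Format-Table -AutoSize
```

The Hashes field is populated according to the hash algorithms configured for Sysmon (the default installation records SHA1), so the same query can be reused to match process hashes against an allowlist or a known-bad list once a configuration is in place.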