.png){kind=logo}
Sysmon
- 24 Apr 2023
- 1 Minute to read
- Print
- DarkLight
- PDF
Sysmon
- Updated on 24 Apr 2023
- 1 Minute to read
- Print
- DarkLight
- PDF
Article Summary
Share feedback
Thanks for sharing your feedback!
When installing Sysmon, you can optionally use a configiguration file.
More information about installing and using a configuration file can be found here.
Common usage featuring simple command-line options to install and uninstall Sysmon, as well as to check and modify its configuration:
Install: sysmon64 -i [configfile]
Update configuration: sysmon64 -c [configfile]
Install event manifest: sysmon64 -m
Print schema: sysmon64 -s
Uninstall: sysmon64 -u [force]
| Parameter | Description |
|---|---|
| -i | Install service and driver. Optionally take a configuration file. |
| -c | Update configuration of an installed Sysmon driver or dump the current configuration if no other argument is provided. Optionally takes a configuration file. |
| -m | Install the event manifest (implicitly done on service install as well). |
| -s | Print configuration schema definition. |
| -u | Uninstall service and driver. Using -u force causes uninstall to proceed even when some components are not installed. |
Was this article helpful?