Issue:
I have Sysmon installed on a RHEL 9 server and it is failing to log any TCP events. UDP events log fine. I am testing with a wide open sysmon config (attached). I've tested the same configuration on Ubuntu 24.04.3 LTS with no issues.
I have attached the output of a tracepoint test that I ran, the shell script used, and also the perf list output showing sysmon attached to inet_sock_set_state.
sysmon.xml
tracepoint_test.sh
tracepoint_test_output.txt
perf_list.txt
Sysmon Version
1.4.0
OS/kernel version
RHEL 9.6 (Plow)
5.14.0-611.9.1.el9_7.x86_64
Issue:
I have Sysmon installed on a RHEL 9 server and it is failing to log any TCP events. UDP events log fine. I am testing with a wide open sysmon config (attached). I've tested the same configuration on Ubuntu 24.04.3 LTS with no issues.
I have attached the output of a tracepoint test that I ran, the shell script used, and also the perf list output showing sysmon attached to inet_sock_set_state.
sysmon.xml
tracepoint_test.sh
tracepoint_test_output.txt
perf_list.txt
Sysmon Version
1.4.0
OS/kernel version
RHEL 9.6 (Plow)
5.14.0-611.9.1.el9_7.x86_64