
sysmonUnitTests fail on Ubuntu 22.04

Open adriankaylor opened this issue 3 years ago • 1 comments

There were no issues building SysinternalsEBPF or SysmonForLinux, but the sysmonUnitTests fails to get Process.ProcessName. I've done some light testing and everything else appears to work. I tried looking for an event that includes ProcessName, but I can't find it in my other sysmon logs or in the docs.

/home/XXX/SysmonForLinux/test/linuxRules.cpp:262: Failure
Expected equality of these values:
  strcmp( pName, test.match )
    Which is: -109
  0
/home/XXX/SysmonForLinux/test/linuxRules.cpp:262: Failure
Expected equality of these values:
  strcmp( pName, test.match )
    Which is: -109
  0
/home/XXX/SysmonForLinux/test/linuxRules.cpp:262: Failure
Expected equality of these values:
  strcmp( pName, test.match )
    Which is: -109
  0
[  FAILED  ] Process.ProcessName (83 ms)

Ending with:

[==========] 19 tests from 4 test suites ran. (641 ms total)
[  PASSED  ] 18 tests.
[  FAILED  ] 1 test, listed below:
[  FAILED  ] Process.ProcessName

 1 FAILED TEST

adriankaylor avatar Sep 19 '22 22:09 adriankaylor

Same issue here, any updates?

ion-storm avatar Sep 26 '22 20:09 ion-storm

@adriankaylor - With the latest changes to Sysmon, I'm not able to reproduce this anymore. Could you try and let me know if it reproduces for you?

MarioHewardt avatar Mar 13 '23 21:03 MarioHewardt

This should now be fixed.

MarioHewardt avatar Mar 14 '23 19:03 MarioHewardt