sysmon 1.4.0 missing TCP events on RHEL 9

**Issue:**
I have Sysmon installed on a RHEL 9 server and it is failing to log any TCP events.  UDP events log fine.  I am testing with a wide open sysmon config (attached).  I've tested the same configuration on Ubuntu 24.04.3 LTS with no issues. 

I have attached the output of a tracepoint test that I ran, the shell script used, and also the perf list output showing sysmon attached to inet_sock_set_state.

[sysmon.xml](https://github.com/user-attachments/files/23871598/sysmon.xml)

[tracepoint_test.sh](https://github.com/user-attachments/files/23777807/tracepoint_test.sh)

[tracepoint_test_output.txt](https://github.com/user-attachments/files/23777815/tracepoint_test_output.txt)

[perf_list.txt](https://github.com/user-attachments/files/23777816/perf_list.txt)

**Sysmon Version**
1.4.0 

**OS/kernel version**
RHEL 9.6 (Plow)
5.14.0-611.9.1.el9_7.x86_64


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

sysmon 1.4.0 missing TCP events on RHEL 9 #218

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

sysmon 1.4.0 missing TCP events on RHEL 9 #218

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions