
How to Install Linux Socket Monitor (LSM) on CentOS
Monitoring socket activity on a Linux server can be essential for debugging, performance analysis, and security auditing. One lightweight and efficient tool for this task is the Linux Socket Monitor (LSM) — a utility designed to capture, filter, and log socket-level activity in real-time.
In this guide, we’ll walk you through how to install and run LSM on a CentOS system.
🧰 What Is Linux Socket Monitor (LSM)?
LSM (Linux Socket Monitor) is an open-source C-based utility that hooks into the Linux kernel using Netlink sockets to monitor TCP and UDP socket events.
It provides real-time insights into:
- New socket creation
- Socket closures
- Bind/listen/connect calls
- Network activity across applications
✅ Prerequisites
Before proceeding, ensure that your environment meets the following:
- CentOS 7 or 8 (Stream versions also supported)
- Root or sudo privileges
- Development tools installed (GCC, make)
git
installed
🔧 Step 1: Update System Packages
Update all system packages to the latest versions:
bashCopyEditsudo yum update -y
🔨 Step 2: Install Required Dependencies
Install essential build tools:
bashCopyEditsudo yum groupinstall "Development Tools" -y
sudo yum install git ncurses-devel -y
📥 Step 3: Clone the LSM GitHub Repository
bashCopyEditgit clone https://github.com/nickclark120/lsm.git
cd lsm
Note: If the official repo moves or forks, adjust the URL accordingly.
⚙️ Step 4: Compile LSM
Once inside the cloned directory, run:
bashCopyEditmake
This compiles the lsm
binary using gcc
.
If compilation succeeds, you’ll see an lsm
executable in the directory.
🚀 Step 5: Run LSM
You can now run the Linux Socket Monitor:
bashCopyEditsudo ./lsm
You’ll see real-time output of socket activity, like:
csharpCopyEdit[PID:1234] nginx opened socket -> 192.168.1.10:443 (TCP)
[PID:5678] sshd closed socket -> 192.168.1.101:22 (TCP)
🧪 Optional: Filter by Process or Protocol
LSM supports runtime filtering. Some example flags:
- Show only TCP connections: bashCopyEdit
sudo ./lsm -t
- Show only a specific process: bashCopyEdit
sudo ./lsm -p nginx
- Show UDP activity only: bashCopyEdit
sudo ./lsm -u
📁 Step 6: Make LSM Available System-Wide (Optional)
To make the binary globally accessible:
bashCopyEditsudo cp lsm /usr/local/bin/
Then you can run lsm
from anywhere with:
bashCopyEditsudo lsm
📌 Use Cases for LSM
- Monitor suspicious socket activity in real-time
- Debug server applications and services
- Profile network usage by app or process
- Enhance SOC or incident response visibility
🧠 Final Thoughts
LSM is a powerful but lightweight tool for anyone interested in Linux network observability. It gives you deep visibility into how applications use the network stack — essential for performance tuning, security monitoring, and troubleshooting.
If you’re managing high-performance CentOS servers, using tools like LSM is a proactive way to maintain operational insight.
🌿 Secure & Monitor with Green Host
At GreenHost, we offer secure CentOS-based hosting environments with monitoring and hardening tools pre-configured. Let us help you deploy observability stacks that include tools like LSM, Netdata, Fail2Ban, and more.