diff --git a/KubeArmor/monitor/hostLogUpdate.go b/KubeArmor/monitor/hostLogUpdate.go
index 984747576c..808f1d47c7 100644
--- a/KubeArmor/monitor/hostLogUpdate.go
+++ b/KubeArmor/monitor/hostLogUpdate.go
@@ -28,6 +28,29 @@ func (mon *SystemMonitor) UpdateHostLogs() {
 log := mon.BuildLogBase(msg)
 switch msg.ContextSys.EventID {
+
+ case Sys_link, Sys_unlink, Sys_symlink, Sys_readlink:
+ {
+
+ if len(msg.ContextArgs) != 2 {
+ continue
+ }
+
+ var fileName string
+ var fileOpenFlags string
+
+ if val, ok := msg.ContextArgs[0].(string); ok {
+ fileName = val
+ }
+ if val, ok := msg.ContextArgs[1].(string); ok {
+ fileOpenFlags = val
+ }
+
+ log.Operation = "Symbolic Link"
+ log.Resource = fileName
+ log.Data = "syscall=" + getSyscallName(int32(msg.ContextSys.EventID)) + " flags=" + fileOpenFlags
+
+ }
 case SysOpen:
 if len(msg.ContextArgs) != 2 {
 continue
diff --git a/KubeArmor/monitor/systemMonitor.go b/KubeArmor/monitor/systemMonitor.go
index 4ef63c9376..6fa25a6f70 100644
--- a/KubeArmor/monitor/systemMonitor.go
+++ b/KubeArmor/monitor/systemMonitor.go
@@ -30,15 +30,18 @@ import (
 // System Call Numbers
 const (
- SysOpen = 2
- SysOpenAt = 257
- SysClose = 3
-
- SysSocket = 41
- SysConnect = 42
- SysAccept = 43
- SysBind = 49
- SysListen = 50
+ SysOpen = 2
+ SysOpenAt = 257
+ SysClose = 3
+ Sys_link = 85
+ Sys_unlink = 86
+ Sys_symlink = 87
+ Sys_readlink = 88
+ SysSocket = 41
+ SysConnect = 42
+ SysAccept = 43
+ SysBind = 49
+ SysListen = 50
 SysExecve = 59
 SysExecveAt = 322
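Review bot: The new case labels every one of link, unlink, symlink and readlink as `log.Operation = "Symbolic Link"` and emits the second argument as `flags=`, but for link/symlink that argument is the link path being created and for readlink it is the output buffer, so a detection rule keyed on Operation or parsing `flags=` from this event is misled and the security-relevant value (where the link lands) is mislabelled. Since the syscall name is already carried in Data, I would use a neutral operation, e.g. `log.Operation = "File"`, and name the second argument by what it is, e.g. `log.Data = "syscall=" + getSyscallName(int32(msg.ContextSys.EventID)) + " linkpath=" + fileOpenFlags` for link/symlink, with the local renamed accordingly. unlink takes a single path, so if the probe side emits one argument for it the `len(msg.ContextArgs) != 2` guard silently drops every unlink event — worth confirming against the argument layout on the eBPF side. The extra `{ }` wrapping the case body is unidiomatic Go and can be dropped. UpdateHostLogs starts before and continues after this hunk.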
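Review bot: `Sys_link`, `Sys_unlink`, `Sys_symlink` and `Sys_readlink` break the MixedCaps convention the rest of this block uses (`SysOpen`, `SysOpenAt`, `SysExecve`); rename them to `SysLink`, `SysUnlink`, `SysSymlink`, `SysReadlink`. The values 85–88 are x86_64 numbers, consistent with `SysOpen = 2` and `SysExecve = 59`, but the plain link/unlink/symlink/readlink syscalls do not exist on arm64 and those numbers denote other calls there, so a build for that architecture would classify unrelated events as link operations; a comment such as `// x86_64 syscall numbers` on the const block would make the assumption explicit. The block pairs `SysOpenAt` with `SysOpen` yet adds no entries for linkat/unlinkat/symlinkat/readlinkat, which is how Go's own syscall package (and presumably other runtimes) reaches the kernel for these operations, so a process that removes or symlinks a file through the `*at` variants would presumably go unlogged — a gap an attacker can pick deliberately. Restoring the blank line between `SysClose` and `SysSocket` also keeps the file/socket grouping the old text had.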