usage
example
This is an adapted version of opensnoop from bcc/libbpf-tools, you can check our source code here: examples/bpftools/opensnoop
You can just download the pre-compiled opensnoop package.json.
Or you can compile the opensnoop like this:
$ cd examples/bpftools/opensnoop
$ docker run -it -v /userpath/eunomia-bpf/examples/bpftools/opensnoop:/src ghcr.io/eunomia-bpf/ecc-`uname -m`:latest
userpath needs to be replaced with your own repo path.
After compile the eBPF code, you can define a config file like this:
programs:
- name: opensnoop
metrics:
counters:
- name: eunomia_file_open_counter
description: test
labels:
- name: pid
- name: comm
- name: filename
from: fname
compiled_ebpf_filename: package.json
use the path to package.json as compiled_ebpf_filename in the config file. You can find the example at config.yaml.
Then, you can start the exporter:
$ ls
config.yaml eunomia-exporter package.json
$ sudo ./eunomia-exporter
Running ebpf program opensnoop takes 46 ms
Listening on http://127.0.0.1:8526
running and waiting for the ebpf events from perf event...
Receiving request at path /metrics
Different from the bcc ebpf_exporter, the only thing you need to run on the deployment machine is the config file and package.json. There is no need to install LLVM/CLang for BCC.
The result is:
manage eBPF tracing program via API
start an eBPF exporter via web API:
$ curl -X POST http://127.0.0.1:8526/start -H "Content-Type: application/json" -d @examples/opensnoop/curl_post_example.json
{"id":1}
see curl_post_example.json for the example of the request body.
list all running eBPF programs:
stop an eBPF program:
documents: