Hi HN,

I just released bpfsnitch, an open-source, real-time monitoring tool for Linux systems and Kubernetes clusters. Inspired by the need for deeper security insights without adding unnecessary layers, bpfsnitch leverages eBPF technology to monitor system calls and network activities at the kernel level.

Key Features:

  Real-Time Monitoring: Track every syscall and network event as it happens.
  eBPF Powered: Efficient, low-overhead monitoring directly in the kernel.
  Easy Deployment: Deploy as a DaemonSet in Kubernetes for instant cluster-wide visibility.
  Prometheus Integration: Exposes metrics for seamless integration with your monitoring stack.
  Container Awareness: Labels metrics with container names for granular insights.
  Fully Open Source: Released under the GPL license—accessible to everyone.

The aim is to make security more accessible by providing a tool that's easy to deploy and offers immediate value. Whether you're a DevOps engineer, a security professional, or someone interested in learning more about eBPF and kernel-level observability, I believe bpfsnitch can be a valuable resource.

I'm eager to contribute to the eBPF community and engage in conversations about enhancing security practices. Feel free to check out the repository, give it a star if you find it useful, and join the discussion. I will be here to answer any questions and would love your feedback!

GitHub Repo: https://github.com/nullswan/bpfsnitch

Looking forward to your thoughts and contributions!

Swan
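Added example, not part of Swan's post and not bpfsnitch's own code: the post lists "Container Awareness" and "Prometheus Integration" as features but does not say how a kernel-level monitor decides which container a syscall belongs to. The Go program below shows the mechanism such tools commonly use: read /proc/<pid>/cgroup for the PID the eBPF event reports, pull the 64-hex container ID (and, on Kubernetes, the pod UID) out of the cgroup path, and render the event as a labelled sample in the Prometheus text format. The cgroup contents, the container and pod IDs, and the metric name `syscalls_total` are all constructed for this example; whether bpfsnitch attributes containers this way is not stated in the post.

```go
package main

import (
	"fmt"
	"regexp"
	"sort"
	"strings"
)

// ContainerRef is what /proc/<pid>/cgroup alone can tell you about a process:
// the 64-hex container ID and, on Kubernetes, the pod UID. Resolving the ID to
// a human-readable container name needs the container runtime (CRI) or kubelet API.
type ContainerRef struct {
	ContainerID string
	PodUID      string
}

var (
	// docker, containerd and CRI-O all name the leaf cgroup after the container ID.
	containerIDRe = regexp.MustCompile(`[0-9a-f]{64}`)
	// kubelet names the pod cgroup "pod<uid>"; the systemd cgroup driver writes the
	// UID with underscores instead of hyphens.
	podUIDRe = regexp.MustCompile(`pod([0-9a-f]{8}[-_](?:[0-9a-f]{4}[-_]){3}[0-9a-f]{12})`)
)

// Constructed sample /proc/<pid>/cgroup contents (not captured from a real node).
const (
	// cgroup v1 with the kubelet cgroupfs driver: one line per controller, same path.
	sampleV1Kube = "12:pids:/kubepods/burstable/pod8f2d3a1c-1111-2222-3333-444455556666/3b9c0c1e0a2d4f6e8b1a2c3d4e5f60718293a4b5c6d7e8f9a0b1c2d3e4f5a6b7\n" +
		"11:memory:/kubepods/burstable/pod8f2d3a1c-1111-2222-3333-444455556666/3b9c0c1e0a2d4f6e8b1a2c3d4e5f60718293a4b5c6d7e8f9a0b1c2d3e4f5a6b7\n"
	// cgroup v2 with the systemd driver and containerd: a single "0::" line.
	sampleV2Kube = "0::/kubepods.slice/kubepods-burstable.slice/kubepods-burstable-pod8f2d3a1c_1111_2222_3333_444455556666.slice/cri-containerd-3b9c0c1e0a2d4f6e8b1a2c3d4e5f60718293a4b5c6d7e8f9a0b1c2d3e4f5a6b7.scope\n"
	// cgroup v2, a plain host daemon: nothing container-shaped in the path.
	sampleHost = "0::/system.slice/sshd.service\n"
)

// ParseCgroup extracts the container reference from the text of /proc/<pid>/cgroup.
// Each line is "hierarchy-id:controllers:path"; cgroup v2 has exactly one line, "0::path".
// ok is false for host processes, which should be labelled as such rather than dropped.
func ParseCgroup(content string) (ref ContainerRef, ok bool) {
	for _, line := range strings.Split(content, "\n") {
		parts := strings.SplitN(line, ":", 3)
		if len(parts) != 3 {
			continue
		}
		path := parts[2]
		id := containerIDRe.FindString(path)
		if id == "" {
			continue
		}
		ref.ContainerID = id
		if m := podUIDRe.FindStringSubmatch(path); m != nil {
			ref.PodUID = strings.ReplaceAll(m[1], "_", "-")
		}
		return ref, true
	}
	return ContainerRef{}, false
}

// escapeLabel applies the Prometheus text-format escaping for label values; an
// unescaped quote or newline in a container name would break the whole scrape.
func escapeLabel(v string) string {
	return strings.NewReplacer(`\`, `\\`, `"`, `\"`, "\n", `\n`).Replace(v)
}

// FormatSample renders one sample in the Prometheus text exposition format with
// labels in sorted order, so the same event always maps to the same series.
func FormatSample(metric string, labels map[string]string, value uint64) string {
	keys := make([]string, 0, len(labels))
	for k := range labels {
		keys = append(keys, k)
	}
	sort.Strings(keys)
	pairs := make([]string, 0, len(keys))
	for _, k := range keys {
		pairs = append(pairs, fmt.Sprintf(`%s="%s"`, k, escapeLabel(labels[k])))
	}
	return fmt.Sprintf("%s{%s} %d", metric, strings.Join(pairs, ","), value)
}

func main() {
	for _, sample := range []string{sampleV1Kube, sampleV2Kube, sampleHost} {
		ref, ok := ParseCgroup(sample)
		labels := map[string]string{"syscall": "execve", "container": "host"}
		if ok {
			labels["container"] = ref.ContainerID[:12] // short ID, as docker/crictl print it
			labels["pod_uid"] = ref.PodUID
		}
		// "syscalls_total" is a hypothetical metric name for this example.
		fmt.Println(FormatSample("syscalls_total", labels, 1))
	}
}
```

Two caveats a practitioner will hit with this approach. Reading /proc/<pid>/cgroup from user space races with short-lived processes (a shell spawned by an exploit can exit before the read), so production monitors usually capture the cgroup ID inside the eBPF program with `bpf_get_current_cgroup_id()` and resolve it to a container once, rather than per event. And a label value that comes from the workload, such as a container or pod name, is attacker-influenced text; escaping it as above, and bounding the number of distinct values, keeps a hostile name from corrupting the scrape or blowing up series cardinality.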