Recent Linux kernel releases are coming weaponized with built-in instrumentation framework that has its roots in what historically was approached as BPF (Berkeley Packet Filter) – a very efficient network packet filtering mechanism which aims to avoid unnecessary user space allocations and operate on packet’s data directly in kernel land. The most familiar application of BPF powers is related to filter expressions used in tcpdump tool.
At Sysdig we’ve recently undergone a pretty interesting shift in our core instrumentation technology, adapting our agent to take advantage of eBPF – a core part of the Linux kernel. Sysdig now supports eBPF as an alternative to our Sysdig kernel module-based architecture. Today we are excited to share more details about our integration and the inner workings of eBPF. To celebrate this exciting technology we’re publishing a series of articles entirely dedicated to eBPF.
Today we’ve announced that we’ve officially added eBPF instrumentation to extend container observability with Sysdig monitoring, security and forensics solutions. eBPF – extended Berkeley Packet Filter – is a Linux-native in-kernel virtual machine that enables secure, low-overhead tracing for application performance and event observability and analysis.
Good news everyone! Or at least for all users of Raspberry Pi and the Raspbian operating system! We now provide official packages for Raspbian on ARM chips. You can find those packages on packages.icinga.com.
Within a Linux network or development system, launching a limited set of applications or services (often known as microservices) in a self-sustaining container or sandboxed environment is sometimes necessary. A container enables administrators to decouple a specific set of software applications from the operating system and have them run within a clean, minimal, and isolated Linux environment of their own.
Speed up your IBM Power servers like never before. In IBM Power System environments, processing time is costly and is measured in work units. A CPU hog on any Linux server can become expensive. Under-provisioned systems react slowly on queries from business applications, which then cause undesired end user or processing delays. As IBM Power servers typically run business critical workloads, response time and availability is key.
eBPF tracing is a broad and deep subject, and can be a bit daunting at first sight. However, when Brendan Gregg issued the dictum “Perhaps you’d like a new year’s resolution: learn eBPF!”, I figured it was as good a time as any to do something fun with it. Here at Circonus, we’ve talked about eBPF previously, so I had a starting point to look for an interesting problem to solve.
