Tetragon Process Lifecycle Observation: Tetragon Agent Part

TL;DR In this post, I explain how the Tetragon Agent reads process lifecycle data from the eBPF Map and sends it to clients.🐝

Process lifecycle data flow

Contents: Introduction; Observer Reading Process Lifecycle Data from eBPF Map; Read data from eBPF Map; Deserialization of Process Lifecycle Data; Event type (operation types); Deserialization; Notify Events to Listeners; ProcessManager Passes Data to server.Listeners; Process Lifecycle Data…

Tetragon Process Lifecycle Observation: eBPF Part

TL;DR In this post, I explain how Tetragon detects process creation and termination using eBPF.🐝

Contents: Introduction; Overview; kprobes and tracepoints; eBPF Programs; eBPF Maps; Tetragon Agent; Process creation; eBPF program attached to tracepoint; Write data to eBPF Map; Process termination; eBPF program attached to tracepoint; Write data to eBPF Map; Wrap up; Next step; Related posts

Introduction

I was really impressed when I used Tetragon for the first time.…