Welcome to the eBPF-ProcTrace repository! This project aims to provide a comprehensive process tracing solution using eBPF technology. Monitor process starts system-wide, including within containers, to gain valuable insights into process behavior and resource utilization.

• Comprehensive Process Tracing: Capture detailed information about process start events, including parent processes, command-line arguments, and timestamps.

• Container-Aware Monitoring: Trace processes within containerized environments, allowing you to understand interactions and orchestration.

• Low Overhead: Leverage eBPF's efficiency to minimize the impact on system performance, making it suitable for various environments.

• Customizable Analysis: Extend and customize the tracing logic to meet your specific monitoring and analysis requirements.

Follow these steps to get started with eBPF-ProcTrace:

1. Prerequisites: Ensure you have a compatible Linux kernel version and required dependencies. Check our detailed setup guide in the documentation for instructions.

2. Installation: Clone this repository and follow the installation steps outlined in the installation guide.

3. Usage: Refer to the usage documentation for examples and guidelines on running and customizing process traces.

We welcome contributions from the community to enhance eBPF-ProcTrace. Whether you're adding new features, improving documentation, or fixing bugs, your contributions are valuable. Refer to our contribution guidelines to learn about the process.

This project is open-source and is licensed under the MIT License.

Let's explore the fascinating world of process tracing together with eBPF-ProcTrace!