65-ebpf-for-sysadmins Index
eBPF for System Administrators
eBPF (extended Berkeley Packet Filter) revolutionizes system observability, allowing safe, dynamic tracing and monitoring without kernel modifications or performance impact.
Contents
Learning Objectives
- Understand eBPF fundamentals and use cases
- Master bpftrace for system observability
- Replace traditional debugging tools with eBPF
- Build custom monitoring solutions
- Troubleshoot performance issues dynamically
Quick Reference
| Tool | Purpose | Shell Integration |
|---|---|---|
| bpftrace | High-level eBPF scripting | bpftrace script.bt |
| bcc | Python eBPF tools | execsnoop, opensnoop |
| bpftrace one-liners | Quick investigations | bpftrace -e '...' |
| perf | Performance profiling | perf record, perf script |
| tcplife | TCP connection monitoring | tcplife |
eBPF Learning Path
- eBPF Intro for Shell Users - Foundation
- bpftrace vs strace - Tool comparison
- bpftrace One-Liners - Quick investigations
- bpftrace Recipes - Advanced monitoring