Expand description
eBPF-based syscall monitoring
Provides event-driven syscall tracing using eBPF programs. Monitors syscall frequency, duration, and detects slow operations (>10ms).
Note: Full eBPF functionality requires kernel 5.0+ and BPF_RING_BUFFER support.
Structsยง
- EBpf
Monitor - eBPF-based syscall monitor
- Syscall
Event - Syscall event information
- Syscall
Stats - Aggregated syscall statistics