This repository was archived by the owner on Oct 23, 2023. It is now read-only.
Use eBPF to get events of new created processes #411
Description
Use eBPF to get events on newly created processes (https://blog.yadutaf.fr/2016/03/30/turn-any-syscall-into-event-introducing-ebpf-kernel-probes/)
Maybe this could be activated with a CLI flags, so older kernels are still supported using current starting method
https://github.com/iovisor/bcc/blob/master/tools/execsnoop.py