BSidesSF 2017 - Linux Monitoring at Scale with eBPF (Brendan Gregg & Alex Maestretti)

Published on Mar 12, 2017

Linux Monitoring at Scale with eBPF

The latest Linux kernels have implemented a Berkeley Packet Filter (BPF) virtual machine which can provide safe and efficient syscall hooking. There are many logging systems in Linux that provide security-relevant data, and several excellent open source tools that sit on top of these. These existing options provide many features that are useful during response, but at scale we focus on lightweight alerting across the fleet, to be followed up with heavy scrutiny of a subset for a limited time. We landed on the need for three basic monitoring capabilities: process execution, network connections and file integrity. Our goal is to provide meaningful security monitoring at under 1% overhead.
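The following bpftrace script is an added example illustrating the three monitoring capabilities the abstract names; it is not code from the talk or from the speakers. It hooks the execve and openat syscall tracepoints and the kernel's tcp_connect function, and assumes a Linux host with bpftrace, root privileges, and kernel headers or BTF available (needed for the `struct sock` cast). The `/etc/` watch prefix and the flag constants are constructed for the example; the O_* values are the x86-64 ones.

```bpftrace
#!/usr/bin/env bpftrace
/*
 * Added example (not from the talk): lightweight host monitoring for
 * process execution, outbound TCP connections, and write-opens under a
 * watched directory, using eBPF tracepoints and a kprobe.
 * Run as root:  bpftrace ./monitor.bt
 */
#include <net/sock.h>

BEGIN
{
  printf("monitoring: exec, tcp connect, write-opens under /etc/\n");
}

/* 1. Process execution: every execve() with caller pid, uid and command. */
tracepoint:syscalls:sys_enter_execve
{
  printf("EXEC  pid=%d uid=%d comm=%s file=%s\n",
         pid, uid, comm, str(args->filename));
}

/* 2. Network connections: outbound TCP connect attempts (IPv4 only here). */
kprobe:tcp_connect
{
  $sk = (struct sock *)arg0;
  /* skc_family == 2 is AF_INET; IPv6 sockets are skipped in this example. */
  if ($sk->__sk_common.skc_family == 2) {
    $daddr = ntop($sk->__sk_common.skc_daddr);
    /* Destination port is stored big-endian in the socket; flip it. */
    $dport = bswap($sk->__sk_common.skc_dport);
    printf("CONN  pid=%d uid=%d comm=%s dst=%s:%d\n",
           pid, uid, comm, $daddr, $dport);
  }
}

/* 3. File integrity: opens with write intent on paths under /etc/.
 * Flags (x86-64): O_WRONLY=0x1, O_RDWR=0x2, O_CREAT=0x40, O_TRUNC=0x200. */
tracepoint:syscalls:sys_enter_openat
/ (args->flags & (0x1 | 0x2 | 0x40 | 0x200)) != 0 /
{
  $path = str(args->filename);
  /* Constructed watch list: only the /etc/ prefix is checked here. */
  if (strncmp($path, "/etc/", 5) == 0) {
    printf("WRITE pid=%d uid=%d comm=%s path=%s\n", pid, uid, comm, $path);
  }
}
```

The per-event printf is fine for a tuning session but is the wrong shape for fleet-wide alerting: the cost the abstract budgets at under 1% comes from keeping the hot path inside the kernel, so a production version would count or sample into BPF maps and only emit the rare events (a write under /etc/ by an unexpected uid, a connect from a process that normally never opens sockets) rather than every exec on a busy build host.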
