TTY Logging with BPF: Difference between revisions

From EDURange
Created page with "Category:Demonstrations See https://github.com/edurange/demo-bpf-tty-logger. Demonstrates how to capture TTY activity using BPF kernel probes. == Instructions == To run it one needs to have superuser privileges (for kernel access). The probes intercept all TTY activity on the host system - both inside and outside of containers. If the script is printing to a TTY device the prints will also be observed, creating a feedback loop that will quickly consume the kernel b..."
 
Line 5: Line 5:


== Instructions ==
== Instructions ==
To run it one needs to have superuser privileges (for kernel access). The probes intercept all TTY activity on the host system - both inside and outside of containers. If the script is printing to a TTY device the prints will also be observed, creating a feedback loop that will quickly consume the kernel buffers. As such the output should be redirected to a file. I recommend redirecting both STDOUT and STDERR as follows:
To run it one needs to have superuser privileges (for kernel access). The probes intercept all TTY activity on the host system - both inside and outside of containers. If the script is printing to a TTY device the prints themselves will also be observed, creating a feedback loop that will quickly consume the kernel buffers. As such the output should be redirected to a file. I recommend redirecting both STDOUT and STDERR as follows:
  sudo python3 [https://github.com/edurange/demo-bpf-tty-logger/blob/main/parrotty.py parrotty.py] &> log
  sudo python3 [https://github.com/edurange/demo-bpf-tty-logger/blob/main/parrotty.py parrotty.py] &> log
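Review bot: on the command line that closes the Instructions paragraph, `&> log` is bash-only syntax, and the text does not say so. In a POSIX sh such as dash the same line parses as a background job followed by an empty `> log`, so the script keeps printing to the terminal and produces exactly the feedback loop the paragraph warns about. Suggest `> log 2>&1`, which redirects both streams in either shell, or stating that bash is required. It would also be worth one sentence saying the log should not be followed live on a terminal of the same host (for example with `tail -f log`), since that display is TTY activity the probes will capture as well.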

Revision as of 20:32, 20 June 2025

See https://github.com/edurange/demo-bpf-tty-logger.

Demonstrates how to capture TTY activity using BPF kernel probes.

Instructions

Running it requires superuser privileges (for kernel access). The probes intercept all TTY activity on the host system, both inside and outside of containers. If the script prints to a TTY device, the prints themselves will also be observed, creating a feedback loop that will quickly consume the kernel buffers. As such, the output should be redirected to a file. I recommend redirecting both STDOUT and STDERR as follows:

  sudo python3 parrotty.py &> log
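
The feedback loop described above can be ruled out before any probe is attached by checking where the output streams point. The following is an added example, not code from parrotty.py or the demo-bpf-tty-logger repository; the names `tty_streams`, `refuse_if_tty` and `demo` are hypothetical, and the pseudo-terminal and temporary file in `demo` are constructed test inputs.

```python
import os
import pty
import tempfile


def tty_streams(fds=(1, 2)):
    """Return (fd, name, device) for each descriptor that is a TTY device."""
    names = {1: "stdout", 2: "stderr"}
    found = []
    for fd in fds:
        try:
            if os.isatty(fd):
                found.append((fd, names.get(fd, "fd %d" % fd), os.ttyname(fd)))
        except OSError:
            # Descriptor vanished between the two calls: nothing to loop on.
            continue
    return found


def refuse_if_tty(fds=(1, 2)):
    """Raise if captured output would itself be written to a TTY.

    Limitation: a pipe into a program that prints to a terminal
    (for example '| tee log') is not a TTY here and is not detected.
    """
    offending = tty_streams(fds)
    if offending:
        detail = ", ".join("%s -> %s" % (n, dev) for _, n, dev in offending)
        raise RuntimeError(
            "output goes to a TTY (%s); redirect it, e.g. '&> log'" % detail)


def demo():
    """Constructed check: a pseudo-terminal is refused, a regular file is not."""
    master, slave = pty.openpty()
    with tempfile.TemporaryFile() as logfile:
        try:
            results = {"file": tty_streams((logfile.fileno(),)),
                       "pty": tty_streams((slave,))}
            try:
                refuse_if_tty((logfile.fileno(), slave))
                results["refused"] = False
            except RuntimeError:
                results["refused"] = True
        finally:
            os.close(master)
            os.close(slave)
    return results


if __name__ == "__main__":
    print(demo())
```

A logger would call `refuse_if_tty()` as its first step, so that a run without redirection exits with an error instead of filling the kernel buffers.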