TTY Logging with BPF

From EDURange
Revision as of 18:55, 20 June 2025 by Jwgranville

See https://github.com/edurange/demo-bpf-tty-logger.

Demonstrates how to capture TTY activity using BPF kernel probes.

Instructions

Running it requires superuser privileges (for kernel access). The probes intercept all TTY activity on the host system, both inside and outside of containers. If the script prints to a TTY device, its own output is also observed, creating a feedback loop that will quickly consume the kernel buffers. The output should therefore be redirected to a file. I recommend redirecting both STDOUT and STDERR as follows:

sudo python3 parrotty.py &> log
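
A start-up guard against the feedback loop described above, as an added example that is not part of demo-bpf-tty-logger. The function names are hypothetical, and it assumes the guard is called before any probe is attached.

```python
import os
import sys


def tty_backed(fds=(1, 2)):
    """Map each descriptor in fds that is open on a terminal to its device name."""
    found = {}
    for fd in fds:
        if os.isatty(fd):  # False for files, pipes, sockets and closed descriptors
            try:
                found[fd] = os.ttyname(fd)
            except OSError:
                found[fd] = "unknown tty"
    return found


def require_redirected_output(fds=(1, 2)):
    """Exit before tracing starts if any output stream would land on a TTY.

    Anything written to a TTY is TTY activity, so a logger that prints
    there would observe and re-log its own output without end.
    """
    found = tty_backed(fds)
    if found:
        where = ", ".join(f"fd {fd} -> {dev}" for fd, dev in sorted(found.items()))
        # A single message to the terminal is harmless here: no probe is attached yet.
        raise SystemExit(
            f"refusing to start: output is a TTY ({where}); "
            "redirect STDOUT and STDERR to a file, e.g. '&> log'"
        )


if __name__ == "__main__":
    # Hypothetical placement: first statement of the logger's entry point.
    require_redirected_output()
    print("output is redirected; safe to attach probes", file=sys.stderr)
```

The guard cannot see through a pipe: output piped into a program that itself writes to a terminal still reaches a TTY, so redirecting to a file remains the safe choice.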