-
Perf - Tool inside of the linux kernel that can instrument CPU performance counters, tracepoints, kprobes, and uprobes of which capsule8 does/will utilize for extracting telemetry events. Essentially it's the interface that the kernel exposes for tracing subsystems.
- perf_event_open (2) - System call interface to perf. Used to set up mmap'd ringbuffer for getting kernel sample records into userspace.
-
kprobe_events - The file within the tracefs file system where kprobes are written. Typically located at
/sys/kernel/debug/tracing. -
Event Monitor - A Go friendly library for interacting with perf. Found in pkg/sys/perf.
-
Sensor (pkg/sensor) - Actual structural instance of the Capsule8 sensor's process. Contains handles on info caches.
-
Info Caches - Clients to Event Monitor. These listen to streams of sample records while maintaing metadata caches. These emit annotations which are then packed into telemetry events. Found in pkg/sensor.
-
Telemetry Service - A grpc server that allows telemetry clients to send subscription objects and receive telemetry events.