cubostratus is a high-performance Linux syscall collector. It acquires the syscall flow from the rock-solid sysdig driver and emits it to Kafka brokers for later ingestion, storage and analysis.
- Build the sysdig kernel module or install sysdig
- Install Rust

  ```bash
  curl -f -L https://static.rust-lang.org/rustup.sh -O
  sh rustup.sh
  ```
- Clone this repository and build `cubostratusc`

  ```bash
  git clone https://github.com/rabbitstack/cubostratusc.git
  cd cubostratusc
  cargo build
  ```
- Modify the `cubostratusc.toml` configuration descriptor

  ```bash
  export CUBOSTRATUSC_CONFIG=cubostratusc.toml # or
  sudo cp cubostratusc.toml /etc
  ```
- Create a Kafka topic and start `cubostratusc`:

  ```bash
  bin/kafka-topics.sh --create --zookeeper localhost:2181 --replication-factor 1 \
    --partitions 1 --topic cubostratus
  sudo ./target/debug/cubostratusc
  ```