
Linux EBPF Tracing Tools - mikecarlton
http://www.brendangregg.com/ebpf.html
======
Twirrim
I've spent a little bit of time playing with some of the supplied tools, but
when it comes to creating my own using eBPF, I'm almost completely at a blank.
To some extent I just don't know a whole bunch about what there is in the
kernel to hook in to.

I'd love to see some good tutorials, or websites that could help me get a
handle on that side of things so that I can start to create useful tooling
using it.

~~~
brendangregg
I did write a tutorial; it's terse (on purpose) but a start:
[https://github.com/iovisor/bcc/blob/master/docs/tutorial_bcc...](https://github.com/iovisor/bcc/blob/master/docs/tutorial_bcc_python_developer.md)

I imagine we'll get more detailed tutorials over time, especially as the dust
settles on the API/interface (it's still improving, plus people are working on
alternate front-ends).

Lastly, I'm using bcc on a regular basis at Netflix, and usually find the
tools that exist are sufficient (a couple of days ago I traced a resource leak
using stackcount and trace). When there's something extra I need, I add a tool
to bcc. So yes, we should make tooling easy, but I hope a lot of the time
people find that a tool already exists for what they need.

~~~
Twirrim
Thanks for the link.

I've been using your tools on and off with our infrastructure. I work for part
of Oracle, and we're using the Oracle UEK on our stuff, which tracks mainline
a lot closer and gives good access to all these features. The product is still
fairly young, so most of my focus has been elsewhere (crossing the Ts, dotting
the Is), but I've been scribbling down thoughts of ways I can use eBFP to give
me access to useful information across our fleets.

