|Project Name||Stars||Downloads||Repos Using This||Packages Using This||Most Recent Commit||Total Releases||Latest Release||Open Issues||License||Language|
|Honey Potion||120||22 days ago||1||June 13, 2022||1||gpl-3.0||C|
|Writing eBPF programs with Elixir!|
|Shawk||45||a year ago||14||December 21, 2020||4||mit||Go|
|[PoC] A socket-based tracing system for discovering network service dependencies. (renamed from transtracer)|
|Mftracer||5||5 years ago||mit||Go|
|[WIP] A CLI visualizer for distributed dependency graph by TCP port tracing|
Shawk is a socket-based tracing infrastructure for discovering network dependencies among processes in distributed applications. Shawk has an architecture of monitoring network sockets, which are endpoints of TCP connections, to trace the dependencies.
This figure shows the system conﬁguration for matching the connection information related to multiple hosts and for creating a dependency graph. Tracer running on each host sends connection information to the central Connection Management DataBase (CMDB).
This figure shows how to retrieve socket information for TCP connections. When the Tracer process runs on the host, the Tracer process queries the Linux kernel and obtains a snapshot of the active TCP connection status from the socket corresponding to each connection. At the same time, the Tracer process acquires the process information corresponding to each connection. Then it links each connection and each process.
See Quickstart document.
$ shawk --help Usage: shawk [options] A socket-based tracing system for discovering network dependencies in distributed applications. Commands: look show dependencies starting from a specified node. probe start agent for collecting flows and processes. create-scheme create CMDB scheme. Options: --version print version --credits print credits --help, -h print help
Run a daemon process of scanning connections in polling mode (default).
# SHAWK_PROBE_MODE=polling SHAWK_PROBE_INTERVAL=1s SHAWK_FLUSH_INTERVAL=10s SHAWK_CMDB_URL=postgres://shawk:[email protected]:5432/shawk?sslmode=disable&connect_timeout=1 shawk probe
Run a daemon process in streaming mode, which internaly uses eBPF.
# SHAWK_PROBE_MODE=streaming SHAWK_PROBE_INTERVAL=1s SHAWK_CMDB_URL=postgres://shawk:[email protected]:5432/shawk?sslmode=disable&connect_timeout=1 shawk probe
Run scanning connections only once.
# SHAWK_PROBE_MODE=streaming SHAWK_PROBE_INTERVAL=1s SHAWK_CMDB_URL=postgres://shawk:[email protected]:5432/shawk?sslmode=disable shawk probe --once
# SHAWK_CMDB_URL=postgres://shawk:[email protected]:5432/shawk?sslmode=disable shawk look --ipv4 10.0.0.10 10.0.0.10:80 (’nginx’, pgid=4656) └<-- 10.0.0.11:many (’wrk’, pgid=5982) 10.0.0.10:80 (’nginx’, pgid=4656) └--> 10.0.0.12:8080 (’python’, pgid=6111) 10.0.0.10:many (’fluentd’, pgid=2127) └--> 10.0.0.13:24224 (’fluentd’, pgid=2001)