{"id":47351307,"url":"https://github.com/bhanuprakasheagala/eTraceGen-eBPFEventTelemetryEngine","last_synced_at":"2026-03-24T00:01:10.519Z","repository":{"id":339097190,"uuid":"1160452433","full_name":"bhanuprakasheagala/eTraceGen-eBPFEventTelemetryEngine","owner":"bhanuprakasheagala","description":"A Linux telemetry engine built with eBPF and Modern C++ that captures kernel-level events for processes, files, system calls, and network with a modular pipeline for decoding, enrichment, filtering, and JSON output. It is designed for portability across modern kernels using libbpf/CO-RE with graceful fallback behaviour.","archived":false,"fork":false,"pushed_at":"2026-03-22T13:36:28.000Z","size":69,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"bhanuprakash_eagala","last_synced_at":"2026-03-23T01:12:45.976Z","etag":null,"topics":["cpp20","ebpf","event-logger","filesystem","linux","linux-kernel","malware-analysis","moderncpp","network","operating-systems","systemcalls","systemprogramming"],"latest_commit_sha":null,"homepage":"","language":"C++","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/bhanuprakasheagala.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-02-18T00:32:08.000Z","updated_at":"2026-03-22T13:36:31.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/bhanuprakasheagala/eTraceGen-eBPFEventTelemetryEngine","commit_stats":null,"previous_names":["bhanuprakasheagala/etracegen-ebpfeventtelemetryengine"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/bhanuprakasheagala/eTraceGen-eBPFEventTelemetryEngine","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bhanuprakasheagala%2FeTraceGen-eBPFEventTelemetryEngine","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bhanuprakasheagala%2FeTraceGen-eBPFEventTelemetryEngine/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bhanuprakasheagala%2FeTraceGen-eBPFEventTelemetryEngine/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bhanuprakasheagala%2FeTraceGen-eBPFEventTelemetryEngine/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/bhanuprakasheagala","download_url":"https://codeload.github.com/bhanuprakasheagala/eTraceGen-eBPFEventTelemetryEngine/tar.gz/refs/heads/bhanuprakash_eagala","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bhanuprakasheagala%2FeTraceGen-eBPFEventTelemetryEngine/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30870076,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-23T21:38:10.789Z","status":"ssl_error","status_checked_at":"2026-03-23T21:37:51.191Z","response_time":59,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cpp20","ebpf","event-logger","filesystem","linux","linux-kernel","malware-analysis","moderncpp","network","operating-systems","systemcalls","systemprogramming"],"created_at":"2026-03-18T00:00:23.778Z","updated_at":"2026-03-24T00:01:10.513Z","avatar_url":"https://github.com/bhanuprakasheagala.png","language":"C++","readme":"# eTraceGen: eBPF Event Telemetry Engine\n\n`eTraceGen` is a Linux-only event telemetry engine built with eBPF (kernel space) and Modern C++ (user space).\n\nIt captures runtime telemetry for sandbox and malware-analysis workflows:\n- process lifecycle activity\n- file operations (paired enter/exit with syscall outcomes)\n- broad syscall telemetry (`raw_syscalls/sys_enter` + `sys_exit`)\n- network socket lifecycle metadata\n\n## Linux-Only Scope\n- Linux distributions with kernel eBPF + BTF support.\n- libbpf backend only.\n- single operational script: `./scripts/linux.sh`.\n\n## Dependencies (Linux)\n- gcc/g++ (userspace build)\n- clang/llvm (BPF object build)\n- libbpf\n- bpftool\n- kernel BTF at `/sys/kernel/btf/vmlinux`\n\n## Single Script Workflow\n```bash\n./scripts/linux.sh help\n```\n\nCore commands:\n- `./scripts/linux.sh build`\n- `./scripts/linux.sh bpf`\n- `./scripts/linux.sh all`\n- `./scripts/linux.sh check`\n- `./scripts/linux.sh preflight`\n- `./scripts/linux.sh smoke`\n- `./scripts/linux.sh validate`\n- `./scripts/linux.sh verify`\n- `./scripts/linux.sh run`\n\n## Quick Start (Linux)\n```bash\ncmake -S . -B build\ncmake --build build -j\n./scripts/linux.sh bpf\n./scripts/linux.sh run\n```\n\nOptional runtime overrides:\n```bash\nETRACEGEN_BPF_OBJECT=/absolute/path/to/event_logger.bpf.o ./build/etracegen\nETRACEGEN_CONFIG=/absolute/path/to/config.yaml ./build/etracegen\n```\n\n## Current v1 Coverage\n- process: `exec`, `fork`, `exit`, `clone`, `clone3`, `vfork`\n- file: `openat`, `unlinkat`, `renameat2`\n- syscall: broad capture (no syscall allowlist gating)\n- network: metadata-only socket lifecycle for `socket`, `connect`, `accept4`, `bind`, `listen`, `close`, `sendto`, `recvfrom`, `shutdown`\n\n## Default Runtime Mode\n- capture-first configuration in `config/default.yaml`\n- no PID/UID/syscall/network allowlist filtering in active flow\n- domain toggles remain available (`domains.process`, `domains.file`, `domains.syscall`, `domains.network_socket`)\n","funding_links":[],"categories":["Projects Related to eBPF"],"sub_categories":["Observability"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbhanuprakasheagala%2FeTraceGen-eBPFEventTelemetryEngine","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbhanuprakasheagala%2FeTraceGen-eBPFEventTelemetryEngine","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbhanuprakasheagala%2FeTraceGen-eBPFEventTelemetryEngine/lists"}