{"id":28192640,"url":"https://github.com/gotoolkits/lightmon","last_synced_at":"2025-05-16T12:14:57.055Z","repository":{"id":288691907,"uuid":"968917302","full_name":"gotoolkits/lightmon","owner":"gotoolkits","description":"lightmon is a lightweight, Docker/K8s container-aware network traffic monitoring tool based on eBPF technology.","archived":false,"fork":false,"pushed_at":"2025-05-15T01:30:08.000Z","size":6913,"stargazers_count":14,"open_issues_count":0,"forks_count":1,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-05-15T02:30:34.453Z","etag":null,"topics":["docker","ebpf","ebpf-go","k8s"],"latest_commit_sha":null,"homepage":"","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/gotoolkits.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"securitySocketConnectSrc.c","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-04-19T01:34:15.000Z","updated_at":"2025-05-15T01:30:12.000Z","dependencies_parsed_at":"2025-04-20T13:15:41.917Z","dependency_job_id":null,"html_url":"https://github.com/gotoolkits/lightmon","commit_stats":null,"previous_names":["gotoolkits/lightmon"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gotoolkits%2Flightmon","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gotoolkits%2Flightmon/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gotoolkits%2Flightmon/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gotoolkits%2Flightmon/manife
sts","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/gotoolkits","download_url":"https://codeload.github.com/gotoolkits/lightmon/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254527103,"owners_count":22085920,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["docker","ebpf","ebpf-go","k8s"],"created_at":"2025-05-16T12:14:55.925Z","updated_at":"2025-05-16T12:14:57.043Z","avatar_url":"https://github.com/gotoolkits.png","language":"C","funding_links":[],"categories":[],"sub_categories":[],"readme":"# lightmon\n\nlightmon is a lightweight, Docker/K8s container-aware network traffic monitoring tool based on eBPF technology. It can capture and analyze network connections established by host and container applications in real-time, providing monitoring data in multiple formats. 
Suitable for system monitoring, security auditing, and network troubleshooting scenarios.\n\n## DeepWiki Docs\n[DeepWiki Docs](https://deepwiki.com/gotoolkits/lightmon) \n\n## Architecture Overview\n\n```\n+---------------------+\n|   User-space Program |\n|  (Implemented in Go) |\n+----------+----------+\n           |\n           | via perf buffer\n           |\n+----------v----------+\n|   eBPF Program      |\n|  (Implemented in C) |\n|   - Trace syscalls  |\n|   - Filter network events |\n+---------------------+\n```\n\n## Features\n\n- **Lightweight \u0026 Efficient**: Based on eBPF technology with minimal performance overhead\n- **Comprehensive Monitoring**: Tracks TCP connection information\n- **Container-Aware**: Automatically identifies K8s/Docker container environments\n- **Process-Aware**: Automatically identifies processes associated with traffic and their executable paths\n- **Flexible Filtering**: Supports multi-condition combined filtering rules\n- **Multiple Output Formats**: Supports log files, JSON, tables and other output formats\n\n## Installation Guide\n\n### Dependencies\n\n```sh\n# Basic dependencies\nsudo apt update\nsudo apt install -y llvm clang\n\n# Go environment (recommended 1.23+)\n```\n\n### Build \u0026 Install\n\n```sh\ngit clone https://github.com/gotoolkits/lightmon.git\ncd lightmon\n\ngo mod tidy\nmake build\n```\n\n## Usage\n\n### Basic Usage\n\n```sh\n# Specify config file\nbin/amd64/lightmon -c ./config.yaml\nbin/arm64/lightmon -c ./config.yaml\n\n# Run with default configuration\nbin/amd64/lightmon\nbin/arm64/lightmon\n\n```\n\n### Output Formats\n\nlightmon supports multiple output formats ('-f'):\n\n1. 
**LOG format** (default)\n   ```\n   [container] [dest IP] [dest port] [protocol] [level] [message] [PID] [process args] [process name] [src ip] [src port] [time] [user]\n   {\"conatiner\":\"dreamy_carson\",\"dip\":\"183.2.172.17\",\"dport\":\"65535\",\"ipv6\":0,\"level\":\"info\",\"msg\":\"\",\"pid\":\"501750\",\"procArgs\":\"www.baidu.com\",\"procPath\":\"/usr/bin/busybox\",\"sip\":\"10.1.8.14\",\"sport\":\"7825\",\"time\":\"2025-04-17T14:01:48+08:00\",\"user\":\"root\"}\n   ```\n\n2. **JSON format** (use `-output json`)\n   ```json\n   {\n     \"kernelTime\": \"13898485459656\",\n     \"goTime\": \"2025-04-17T14:09:49.162027869+08:00\",\n     \"pid\": 1234,\n     \"comm\": \"nginx\",\n     \"addressFamily\": \"AF_INET\",\n     \"saddr\": \"192.168.1.100\",\n     \"sport\": 34567,\n     \"daddr\": \"10.0.0.1\",\n     \"dport\": 80,\n     \"container\": \"web-server\"\n   }\n   ```\n\n3. **Table format** (use `-output table`)\n   ```\n   +----------+-------+-------+------+-----------------+-----------------+--------------+------------------------+\n   | TIME     | USER  | PID   | AF   | SRC             | DEST            | CONTAINER    | PROCESS                |\n   +----------+-------+-------+------+-----------------+-----------------+--------------+------------------------+\n   | 14:05:56 | root  | 1234  | v4   | 10.4.0.16:3425  | 10.0.0.1:80     | web-server   | /usr/local/bin/python  |\n   +----------+-------+-------+------+-----------------+-----------------+--------------+------------------------+\n   ```\n\n### Filtering\n\nUse the `-exclude` parameter to exclude unwanted connections:\n\n```sh\n# Exclude traffic to specific ports\n./lightmon -exclude 'dport=80'\n\n# Exclude traffic to specific IP ranges\n./lightmon -exclude 'dip=\"192.168.1.0/24\"'\n\n# Combined conditions\n./lightmon -exclude 'dport=80;dip=\"192.168.1.1\";keyword=\"nginx\"'\n```\n\n#### Filter Syntax\n\n- **Basic conditions**:\n  - `dport=port` - Filter by destination port\n  - `dip='IP/CIDR'` 
- Filter by destination IP\n  - `keyword='string'` - Filter by process path/name\n  - `container='string'` - Filter by container name\n\n- **Logical operators**:\n  - `\u0026\u0026` - AND logic\n  - `||` - OR logic\n  - `;` - Condition group separator\n\n#### Filter Examples\n\n1. Exclude local network and DNS traffic:\n   ```sh\n   ./lightmon -exclude 'dip=\"192.168.1.0/24\";dport=53'\n   ```\n\n2. Exclude specific services:\n   ```sh\n   ./lightmon -exclude 'keyword=\"nginx\";keyword=\"mysql\"'\n   ```\n\n3. Complex condition combinations:\n   ```sh\n   ./lightmon -exclude 'dip=\"10.0.0.1\" \u0026\u0026 dport=80; dip=\"10.0.0.1\" \u0026\u0026 dport=443'\n   ```\n\n4. Exclude traffic from containers with specific names:\n   ```sh\n   ./lightmon -exclude 'container=\"nginx\";container=\"redis\"'\n   ```\n\n## Development Guide\n\n### Code Structure\n\n```\nlightmon/\n├── conv/          # Protocol conversion\n├── dockerinfo/    # Container info processing\n├── event/         # Event type definitions\n├── filter/        # Filtering logic\n├── headers/       # eBPF headers\n├── linux/         # Linux-specific functions\n├── outputer/      # Output handlers\n├── fentryTcpConnectSrc.c # Fentry eBPF program type \n├── sysEnterConnectSrc.c  # Tracepoint eBPF program\n└── main.go        # Program entry\n```\n\n### Build \u0026 Test\n\n```sh\n# Run unit tests\ngo test ./...\n\n# Build binary\nmake build\n\n# Clean build\nmake clean\n```\n\n## Contributing\n\nIssues and PRs are welcome. The contribution process follows the standard GitHub workflow.\n\n## License\n\nApache License 2.0, see LICENSE.txt file for details.","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgotoolkits%2Flightmon","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgotoolkits%2Flightmon","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgotoolkits%2Flightmon/lists"}