Comment by tarasglek
5 months ago
It is not clear what the architecture for system-call capture is. Is it ptrace, ebpf or some custom thing or some combo? What is the overhead of running this?
The tool looks really cool; hopefully it moves the UI state of the art beyond Windows xperf.

It uses Falco libs [1] underneath, which supports capture using eBPF or a kmod. I work with the Falco libs team and they go to great lengths to minimize overhead.

[1] https://github.com/falcosecurity/libs/