Linux based File Monitoring using eBPF
Keep an eagle-eye on your files with ebpf-file-monitor, a slick Rust program powered by cutting-edge eBPF technology. This utility alerts you instantly whenever changes occur in your files, ensuring you’re always in the loop.
Features
- eBPF Technology: Utilizes the latest eBPF advancements to trace file events efficiently.
- Instant Alerts: Prints out a timestamp the moment your file is modified, ensuring real-time awareness.
- Cross-Platform Compatibility: Works seamlessly across Linux, Windows, and MacOS environments.
Prerequisites
Ensure you have the following prerequisites installed:
- Rust 1.56+ (get the latest version)
- Cargo (Rust’s package manager)
- libbpf and bcc libraries (eBPF’s dynamic duo)
Installation
# Clone the repository
git clone https://github.com/mranv/ebpf-file-monitor.git
# Navigate to the directory
cd ebpf-file-monitor
# Install bcc and libbpf if needed
# For Fedora/RedHat:
sudo yum install bcc bpf
# For Debian/Ubuntu:
sudo apt-get install libbpf-dev libbcc-dev
# Build the project
cargo build --releaseUsage
Update the FILE_PATH variable in the source code to the file you want to monitor. Then, unleash the watchdog:
./target/release/ebpf-file-monitorNow, sit back and relax as it prints timestamps whenever changes occur in the specified file.
Implementation
- libbpf: Utilizes libbpf to load eBPF programs that trace open and write syscalls.
- Event Filtering: Filters for events related to the target file.
- Real-time Alerts: Prints timestamps upon modification events, ensuring immediate awareness.
Limitations
- Single File Monitoring: Watches only one file at a time.
- Dependency Requirements: Requires eBPF/bcc libraries to be installed.
Contributions
Got ideas to enhance this utility? Contributions are welcome! Feel free to share your thoughts and suggestions to make this watchdog even better.
About
This utility is designed to track changes in specified files and provide instant timestamps upon modifications.
Repository: github.com/mranv/ebpf-file-monitor
© 2024 GitHub, Inc. All rights reserved.
Disclaimer: This blog post is licensed under the MIT license. Please refer to the repository for the full license details.