cubostratus is a high performance Linux syscall collector. It acquires the syscall flow from the rock solid sysdig driver and emits it to Kafka brokers for later ingestion, storage and analysis.
- Build the sysdig kernel module or install sysdig
- Install Rust
curl -f -L https://static.rust-lang.org/rustup.sh -O
sh rustup.sh- Clone this repository and build
cubostratusc
git clone https://github.com/rabbitstack/cubostratusc.git
cd cubostratusc
cargo build- Modify
cubostratusc.tomlconfiguration descriptor
export CUBOSTRATUSC_CONFIG=cubostratusc.toml # or
sudo cp cubostratusc.toml /etc- Create a
Kafkatopic and startcubostratusc:
bin/kafka-topics.sh --create --zookeeper localhost:2181 --replication-factor 1 \
--partitions 1 --topic cubostratus
sudo ./target/debug/cubostratusc