summaryrefslogtreecommitdiffstats
path: root/collectors/ebpf.plugin/ebpf.d
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--collectors/ebpf.plugin/ebpf.d.conf77
-rw-r--r--collectors/ebpf.plugin/ebpf.d/cachestat.conf42
-rw-r--r--collectors/ebpf.plugin/ebpf.d/dcstat.conf40
-rw-r--r--collectors/ebpf.plugin/ebpf.d/disk.conf12
-rw-r--r--collectors/ebpf.plugin/ebpf.d/ebpf_kernel_reject_list.txt1
-rw-r--r--collectors/ebpf.plugin/ebpf.d/fd.conf27
-rw-r--r--collectors/ebpf.plugin/ebpf.d/filesystem.conf23
-rw-r--r--collectors/ebpf.plugin/ebpf.d/functions.conf3
-rw-r--r--collectors/ebpf.plugin/ebpf.d/hardirq.conf11
-rw-r--r--collectors/ebpf.plugin/ebpf.d/mdflush.conf11
-rw-r--r--collectors/ebpf.plugin/ebpf.d/mount.conf23
-rw-r--r--collectors/ebpf.plugin/ebpf.d/network.conf66
-rw-r--r--collectors/ebpf.plugin/ebpf.d/oomkill.conf11
-rw-r--r--collectors/ebpf.plugin/ebpf.d/process.conf31
-rw-r--r--collectors/ebpf.plugin/ebpf.d/shm.conf42
-rw-r--r--collectors/ebpf.plugin/ebpf.d/softirq.conf11
-rw-r--r--collectors/ebpf.plugin/ebpf.d/swap.conf34
-rw-r--r--collectors/ebpf.plugin/ebpf.d/sync.conf43
-rw-r--r--collectors/ebpf.plugin/ebpf.d/vfs.conf35
19 files changed, 543 insertions, 0 deletions
diff --git a/collectors/ebpf.plugin/ebpf.d.conf b/collectors/ebpf.plugin/ebpf.d.conf
new file mode 100644
index 00000000..5cb844b2
--- /dev/null
+++ b/collectors/ebpf.plugin/ebpf.d.conf
@@ -0,0 +1,77 @@
+#
+# Global options
+#
+# The `ebpf load mode` option accepts the following values :
+# `entry` : The eBPF collector only monitors calls for the functions, and does not show charts related to errors.
+# `return : In the `return` mode, the eBPF collector monitors the same kernel functions as `entry`, but also creates
+# new charts for the return of these functions, such as errors.
+#
+# The eBPF collector also creates charts for each running application through an integration with the `apps.plugin`
+# or `cgroups.plugin`.
+# If you want to disable the integration with `apps.plugin` or `cgroups.plugin` along with the above charts, change the setting
+# `apps` and `cgroups` to 'no'.
+#
+# The `update every` option defines the number of seconds used to read data from kernel and send to netdata
+#
+# The `pid table size` defines the maximum number of PIDs stored in the application hash tables.
+#
+# The `btf path` specifies where to find the BTF files.
+#
+# The `maps per core` defines if hash tables will be per core or not. This option is ignored on kernels older than 4.15.
+#
+# The `lifetime` defines the time length a thread will run when it is enabled by a function.
+#
+[global]
+ ebpf load mode = entry
+ apps = no
+ cgroups = no
+ update every = 5
+ pid table size = 32768
+ btf path = /sys/kernel/btf/
+ maps per core = yes
+ lifetime = 300
+
+#
+# eBPF Programs
+#
+# The eBPF collector has the following eBPF programs:
+#
+# `cachestat` : Make charts for kernel functions related to page cache.
+# `dcstat` : Make charts for kernel functions related to directory cache.
+# `disk` : Monitor I/O latencies for disks
+# `fd` : This eBPF program creates charts that show information about file manipulation.
+# `filesystem`: Monitor calls for functions used to manipulate specific filesystems
+# `hardirq` : Monitor latency of serving hardware interrupt requests (hard IRQs).
+# `mdflush` : Monitors flush counts for multi-devices.
+# `mount` : Monitor calls for syscalls mount and umount
+# `oomkill` : This eBPF program creates a chart that shows which process got OOM killed and when.
+# `process` : This eBPF program creates charts that show information about process life.
+# `shm` : Monitor calls for syscalls shmget, shmat, shmdt and shmctl.
+# `socket` : This eBPF program creates charts with information about `TCP` and `UDP` functions, including the
+# bandwidth consumed by each.
+# `softirq` : Monitor latency of serving software interrupt requests (soft IRQs).
+# `sync` : Monitor calls for syscall sync(2).
+# `swap` : Monitor calls for internal swap functions.
+# `vfs` : This eBPF program creates charts that show information about process VFS IO, VFS file manipulation and
+# files removed.
+#
+# When plugin detects that system has support to BTF, it enables integration with apps.plugin.
+#
+[ebpf programs]
+ cachestat = yes
+ dcstat = no
+ disk = no
+ fd = yes
+ filesystem = no
+ hardirq = no
+ mdflush = no
+ mount = yes
+ oomkill = yes
+ process = yes
+ shm = yes
+ socket = no
+ softirq = yes
+ sync = no
+ swap = yes
+ vfs = no
+ network connections = no
diff --git a/collectors/ebpf.plugin/ebpf.d/cachestat.conf b/collectors/ebpf.plugin/ebpf.d/cachestat.conf
new file mode 100644
index 00000000..9c51b2c5
--- /dev/null
+++ b/collectors/ebpf.plugin/ebpf.d/cachestat.conf
@@ -0,0 +1,42 @@
+# The `ebpf load mode` option accepts the following values :
+# `entry` : The eBPF collector only monitors calls for the functions, and does not show charts related to errors.
+# `return : In the `return` mode, the eBPF collector monitors the same kernel functions as `entry`, but also creates
+# new charts for the return of these functions, such as errors.
+#
+# The eBPF collector also creates charts for each running application through an integration with the `apps.plugin`
+# or `cgroups.plugin`.
+# If you want to disable the integration with `apps.plugin` or `cgroups.plugin` along with the above charts, change
+# the setting `apps` and `cgroups` to 'no'.
+#
+# The `pid table size` defines the maximum number of PIDs stored inside the application hash table.
+#
+# The `ebpf type format` option accepts the following values :
+# `auto` : The eBPF collector will investigate hardware and select between the two next options.
+# `legacy`: The eBPF collector will load the legacy code. Note: This has a bigger overload.
+# `co-re` : The eBPF collector will use latest tracing method. Note: This is not available on all platforms.
+#
+# The `ebpf co-re tracing` option accepts the following values:
+# `trampoline`: This is the default mode used by the eBPF collector, due the small overhead added to host.
+# `probe` : This is the same as legacy code.
+#
+# The `collect pid` option defines the PID stored inside hash tables and accepts the following options:
+# `real parent`: Only stores real parent inside PID
+# `parent` : Only stores parent PID.
+# `all` : Stores all PIDs used by software. This is the most expensive option.
+#
+# The `maps per core` defines if hash tables will be per core or not. This option is ignored on kernels older than 4.6.
+#
+# The `lifetime` defines the time length a thread will run when it is enabled by a function.
+#
+# Uncomment lines to define specific options for thread.
+[global]
+# ebpf load mode = entry
+# apps = yes
+# cgroups = no
+# update every = 10
+# pid table size = 32768
+ ebpf type format = auto
+ ebpf co-re tracing = trampoline
+ collect pid = real parent
+# maps per core = yes
+ lifetime = 300
diff --git a/collectors/ebpf.plugin/ebpf.d/dcstat.conf b/collectors/ebpf.plugin/ebpf.d/dcstat.conf
new file mode 100644
index 00000000..614d814e
--- /dev/null
+++ b/collectors/ebpf.plugin/ebpf.d/dcstat.conf
@@ -0,0 +1,40 @@
+# The `ebpf load mode` option accepts the following values :
+# `entry` : The eBPF collector only monitors calls for the functions, and does not show charts related to errors.
+# `return : In the `return` mode, the eBPF collector monitors the same kernel functions as `entry`, but also creates
+# new charts for the return of these functions, such as errors.
+#
+# The eBPF collector also creates charts for each running application through an integration with the `apps.plugin`
+# or `cgroups.plugin`.
+# If you want to disable the integration with `apps.plugin` or `cgroups.plugin` along with the above charts, change
+# the setting `apps` and `cgroups` to 'no'.
+#
+# The `ebpf type format` option accepts the following values :
+# `auto` : The eBPF collector will investigate hardware and select between the two next options.
+# `legacy`: The eBPF collector will load the legacy code. Note: This has a bigger overload.
+# `co-re` : The eBPF collector will use latest tracing method. Note: This is not available on all platforms.
+#
+# The `ebpf co-re tracing` option accepts the following values:
+# `trampoline`: This is the default mode used by the eBPF collector, due the small overhead added to host.
+# `probe` : This is the same as legacy code.
+#
+# The `collect pid` option defines the PID stored inside hash tables and accepts the following options:
+# `real parent`: Only stores real parent inside PID
+# `parent` : Only stores parent PID.
+# `all` : Stores all PIDs used by software. This is the most expensive option.
+#
+# The `maps per core` defines if hash tables will be per core or not. This option is ignored on kernels older than 4.6.
+#
+# The `lifetime` defines the time length a thread will run when it is enabled by a function.
+#
+# Uncomment lines to define specific options for thread.
+[global]
+# ebpf load mode = entry
+# apps = yes
+# cgroups = no
+# update every = 10
+# pid table size = 32768
+ ebpf type format = auto
+ ebpf co-re tracing = trampoline
+ collect pid = real parent
+# maps per core = yes
+ lifetime = 300
diff --git a/collectors/ebpf.plugin/ebpf.d/disk.conf b/collectors/ebpf.plugin/ebpf.d/disk.conf
new file mode 100644
index 00000000..c5a0a270
--- /dev/null
+++ b/collectors/ebpf.plugin/ebpf.d/disk.conf
@@ -0,0 +1,12 @@
+# The `ebpf load mode` option accepts the following values :
+# `entry` : The eBPF collector only monitors calls for the functions, and does not show charts related to errors.
+# `return : In the `return` mode, the eBPF collector monitors the same kernel functions as `entry`, but also creates
+# new charts for the return of these functions, such as errors.
+#
+# The `lifetime` defines the time length a thread will run when it is enabled by a function.
+#
+[global]
+# ebpf load mode = entry
+# update every = 10
+ lifetime = 300
+
diff --git a/collectors/ebpf.plugin/ebpf.d/ebpf_kernel_reject_list.txt b/collectors/ebpf.plugin/ebpf.d/ebpf_kernel_reject_list.txt
new file mode 100644
index 00000000..539bf357
--- /dev/null
+++ b/collectors/ebpf.plugin/ebpf.d/ebpf_kernel_reject_list.txt
@@ -0,0 +1 @@
+Ubuntu 4.18.0
diff --git a/collectors/ebpf.plugin/ebpf.d/fd.conf b/collectors/ebpf.plugin/ebpf.d/fd.conf
new file mode 100644
index 00000000..d4823032
--- /dev/null
+++ b/collectors/ebpf.plugin/ebpf.d/fd.conf
@@ -0,0 +1,27 @@
+# The `ebpf load mode` option accepts the following values :
+# `entry` : The eBPF collector only monitors calls for the functions, and does not show charts related to errors.
+# `return : In the `return` mode, the eBPF collector monitors the same kernel functions as `entry`, but also creates
+# new charts for the return of these functions, such as errors.
+#
+# The eBPF collector also creates charts for each running application through an integration with the `apps.plugin`
+# or `cgroups.plugin`.
+# If you want to disable the integration with `apps.plugin` or `cgroups.plugin` along with the above charts, change
+# the setting `apps` and `cgroups` to 'no'.
+#
+# The `pid table size` defines the maximum number of PIDs stored inside the hash table.
+#
+# The `maps per core` defines if hash tables will be per core or not. This option is ignored on kernels older than 4.6.
+#
+# The `lifetime` defines the time length a thread will run when it is enabled by a function.
+#
+# Uncomment lines to define specific options for thread.
+[global]
+# ebpf load mode = entry
+# apps = yes
+# cgroups = no
+# update every = 10
+# pid table size = 32768
+ ebpf type format = auto
+ ebpf co-re tracing = trampoline
+# maps per core = yes
+ lifetime = 300
diff --git a/collectors/ebpf.plugin/ebpf.d/filesystem.conf b/collectors/ebpf.plugin/ebpf.d/filesystem.conf
new file mode 100644
index 00000000..209abba7
--- /dev/null
+++ b/collectors/ebpf.plugin/ebpf.d/filesystem.conf
@@ -0,0 +1,23 @@
+# The `ebpf load mode` option accepts the following values :
+# `entry` : The eBPF collector only monitors calls for the functions, and does not show charts related to errors.
+# `return : In the `return` mode, the eBPF collector monitors the same kernel functions as `entry`, but also creates
+# new charts for the return of these functions, such as errors.
+#
+# The `lifetime` defines the time length a thread will run when it is enabled by a function.
+#
+# The eBPF collector also creates charts for each running application through an integration with the `apps plugin`.
+# If you want to disable the integration with `apps.plugin` along with the above charts, change the setting `apps` to
+# 'no'.
+#
+[global]
+# ebpf load mode = entry
+# update every = 10
+ lifetime = 300
+
+# All filesystems are named as 'NAMEdist' where NAME is the filesystem name while 'dist' is a reference for distribution.
+[filesystem]
+ btrfsdist = yes
+ ext4dist = yes
+ nfsdist = yes
+ xfsdist = yes
+ zfsdist = yes
diff --git a/collectors/ebpf.plugin/ebpf.d/functions.conf b/collectors/ebpf.plugin/ebpf.d/functions.conf
new file mode 100644
index 00000000..a4f57f64
--- /dev/null
+++ b/collectors/ebpf.plugin/ebpf.d/functions.conf
@@ -0,0 +1,3 @@
+#[global]
+# update every = 5
+
diff --git a/collectors/ebpf.plugin/ebpf.d/hardirq.conf b/collectors/ebpf.plugin/ebpf.d/hardirq.conf
new file mode 100644
index 00000000..6a47a94b
--- /dev/null
+++ b/collectors/ebpf.plugin/ebpf.d/hardirq.conf
@@ -0,0 +1,11 @@
+# The `ebpf load mode` option accepts the following values :
+# `entry` : The eBPF collector only monitors calls for the functions, and does not show charts related to errors.
+# `return : In the `return` mode, the eBPF collector monitors the same kernel functions as `entry`, but also creates
+# new charts for the return of these functions, such as errors.
+#
+# The `lifetime` defines the time length a thread will run when it is enabled by a function.
+#
+[global]
+# ebpf load mode = entry
+# update every = 10
+ lifetime = 300
diff --git a/collectors/ebpf.plugin/ebpf.d/mdflush.conf b/collectors/ebpf.plugin/ebpf.d/mdflush.conf
new file mode 100644
index 00000000..ea97ebe8
--- /dev/null
+++ b/collectors/ebpf.plugin/ebpf.d/mdflush.conf
@@ -0,0 +1,11 @@
+# The `ebpf load mode` option accepts the following values :
+# `entry` : The eBPF collector only monitors calls for the functions, and does not show charts related to errors.
+# `return : In the `return` mode, the eBPF collector monitors the same kernel functions as `entry`, but also creates
+# new charts for the return of these functions, such as errors.
+#
+# The `lifetime` defines the time length a thread will run when it is enabled by a function.
+#
+[global]
+# ebpf load mode = entry
+# update every = 1
+ lifetime = 300
diff --git a/collectors/ebpf.plugin/ebpf.d/mount.conf b/collectors/ebpf.plugin/ebpf.d/mount.conf
new file mode 100644
index 00000000..ff9a2948
--- /dev/null
+++ b/collectors/ebpf.plugin/ebpf.d/mount.conf
@@ -0,0 +1,23 @@
+# The `ebpf load mode` option accepts the following values :
+# `entry` : The eBPF collector only monitors calls for the functions, and does not show charts related to errors.
+# `return : In the `return` mode, the eBPF collector monitors the same kernel functions as `entry`, but also creates
+# new charts for the return of these functions, such as errors.
+#
+# The `ebpf type format` option accepts the following values :
+# `auto` : The eBPF collector will investigate hardware and select between the two next options.
+# `legacy`: The eBPF collector will load the legacy code. Note: This has a bigger overload.
+# `co-re` : The eBPF collector will use latest tracing method. Note: This is not available on all platforms.
+#
+# The `ebpf co-re tracing` option accepts the following values:
+# `trampoline`: This is the default mode used by the eBPF collector, due the small overhead added to host.
+# `tracepoint`: When available, the eBPF collector will use kernel tracepoint to monitor syscall.
+# `probe` : This is the same as legacy code.
+#
+# The `lifetime` defines the time length a thread will run when it is enabled by a function.
+#
+[global]
+# ebpf load mode = entry
+# update every = 1
+ ebpf type format = auto
+ ebpf co-re tracing = trampoline
+ lifetime = 300
diff --git a/collectors/ebpf.plugin/ebpf.d/network.conf b/collectors/ebpf.plugin/ebpf.d/network.conf
new file mode 100644
index 00000000..99c32edc
--- /dev/null
+++ b/collectors/ebpf.plugin/ebpf.d/network.conf
@@ -0,0 +1,66 @@
+# The `ebpf load mode` option accepts the following values :
+# `entry` : The eBPF collector only monitors calls for the functions, and does not show charts related to errors.
+# `return : In the `return` mode, the eBPF collector monitors the same kernel functions as `entry`, but also creates
+# new charts for the return of these functions, such as errors.
+#
+# The eBPF collector also creates charts for each running application through an integration with the `apps.plugin`
+# or `cgroups.plugin`.
+# If you want to disable the integration with `apps.plugin` or `cgroups.plugin` along with the above charts, change
+# the setting `apps` and `cgroups` to 'no'.
+#
+# The following options change the hash table size:
+# `bandwidth table size`: Maximum number of connections monitored
+# `ipv4 connection table size`: Maximum number of IPV4 connections monitored
+# `ipv6 connection table size`: Maximum number of IPV6 connections monitored
+# `udp connection table size`: Maximum number of UDP connections monitored
+#
+# The `ebpf type format` option accepts the following values :
+# `auto` : The eBPF collector will investigate hardware and select between the two next options.
+# `legacy`: The eBPF collector will load the legacy code. Note: This has a bigger overload.
+# `co-re` : The eBPF collector will use latest tracing method. Note: This is not available on all platforms.
+#
+# The `ebpf co-re tracing` option accepts the following values:
+# `trampoline`: This is the default mode used by the eBPF collector, due the small overhead added to host.
+# `tracepoint`: When available, the eBPF collector will use kernel tracepoint to monitor syscall.
+# `probe` : This is the same as legacy code.
+#
+# The `maps per core` defines if hash tables will be per core or not. This option is ignored on kernels older than 4.6.
+#
+# The `collect pid` option defines the PID stored inside hash tables and accepts the following options:
+# `real parent`: Only stores real parent inside PID
+# `parent` : Only stores parent PID.
+# `all` : Stores all PIDs used by software. This is the most expensive option.
+#
+# The `lifetime` defines the time length a thread will run when it is enabled by a function.
+#
+# Uncomment lines to define specific options for thread.
+[global]
+# ebpf load mode = entry
+# apps = yes
+# cgroups = no
+# update every = 10
+ bandwidth table size = 16384
+ socket monitoring table size = 16384
+ udp connection table size = 4096
+ ebpf type format = auto
+ ebpf co-re tracing = probe
+ maps per core = no
+ collect pid = all
+ lifetime = 300
+
+#
+# Network Connection
+#
+# This is a feature with status WIP(Work in Progress)
+#
+[network connections]
+ enabled = yes
+ resolve hostnames = no
+ resolve service names = yes
+ ports = *
+# ips = !127.0.0.1/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 fc00::/7 !::1/128
+ ips = *
+ hostnames = *
+
+[service name]
+ 19999 = Netdata
diff --git a/collectors/ebpf.plugin/ebpf.d/oomkill.conf b/collectors/ebpf.plugin/ebpf.d/oomkill.conf
new file mode 100644
index 00000000..ea97ebe8
--- /dev/null
+++ b/collectors/ebpf.plugin/ebpf.d/oomkill.conf
@@ -0,0 +1,11 @@
+# The `ebpf load mode` option accepts the following values :
+# `entry` : The eBPF collector only monitors calls for the functions, and does not show charts related to errors.
+# `return : In the `return` mode, the eBPF collector monitors the same kernel functions as `entry`, but also creates
+# new charts for the return of these functions, such as errors.
+#
+# The `lifetime` defines the time length a thread will run when it is enabled by a function.
+#
+[global]
+# ebpf load mode = entry
+# update every = 1
+ lifetime = 300
diff --git a/collectors/ebpf.plugin/ebpf.d/process.conf b/collectors/ebpf.plugin/ebpf.d/process.conf
new file mode 100644
index 00000000..150c5792
--- /dev/null
+++ b/collectors/ebpf.plugin/ebpf.d/process.conf
@@ -0,0 +1,31 @@
+# The `ebpf load mode` option accepts the following values :
+# `entry` : The eBPF collector only monitors calls for the functions, and does not show charts related to errors.
+# `return : In the `return` mode, the eBPF collector monitors the same kernel functions as `entry`, but also creates
+# new charts for the return of these functions, such as errors.
+#
+# The eBPF collector also creates charts for each running application through an integration with the `apps.plugin`
+# or `cgroups.plugin`.
+# If you want to disable the integration with `apps.plugin` or `cgroups.plugin` along with the above charts, change
+# the setting `apps` and `cgroups` to 'no'.
+#
+# The `pid table size` defines the maximum number of PIDs stored inside the hash table.
+#
+# The `collect pid` option defines the PID stored inside hash tables and accepts the following options:
+# `real parent`: Only stores real parent inside PID
+# `parent` : Only stores parent PID.
+# `all` : Stores all PIDs used by software. This is the most expensive option.
+#
+# The `maps per core` defines if hash tables will be per core or not. This option is ignored on kernels older than 4.6.
+#
+# The `lifetime` defines the time length a thread will run when it is enabled by a function.
+#
+# Uncomment lines to define specific options for thread.
+[global]
+# ebpf load mode = entry
+# apps = yes
+# cgroups = no
+# update every = 10
+# pid table size = 32768
+ collect pid = real parent
+# maps per core = yes
+ lifetime = 300
diff --git a/collectors/ebpf.plugin/ebpf.d/shm.conf b/collectors/ebpf.plugin/ebpf.d/shm.conf
new file mode 100644
index 00000000..95fb54e0
--- /dev/null
+++ b/collectors/ebpf.plugin/ebpf.d/shm.conf
@@ -0,0 +1,42 @@
+# The `ebpf load mode` option accepts the following values :
+# `entry` : The eBPF collector only monitors calls for the functions, and does not show charts related to errors.
+# `return : In the `return` mode, the eBPF collector monitors the same kernel functions as `entry`, but also creates
+# new charts for the return of these functions, such as errors.
+#
+# The eBPF collector also creates charts for each running application through an integration with the `apps.plugin`
+# or `cgroups.plugin`.
+# If you want to disable the integration with `apps.plugin` or `cgroups.plugin` along with the above charts, change
+# the setting `apps` and `cgroups` to 'no'.
+#
+# The `ebpf type format` option accepts the following values :
+# `auto` : The eBPF collector will investigate hardware and select between the two next options.
+# `legacy`: The eBPF collector will load the legacy code. Note: This has a bigger overload.
+# `co-re` : The eBPF collector will use latest tracing method. Note: This is not available on all platforms.
+#
+# The `ebpf co-re tracing` option accepts the following values:
+# `trampoline`: This is the default mode used by the eBPF collector, due the small overhead added to host.
+# `tracepoint`: When available, the eBPF collector will use kernel tracepoint to monitor syscall.
+# `probe` : This is the same as legacy code.
+#
+# The `maps per core` defines if hash tables will be per core or not. This option is ignored on kernels older than 4.6.
+#
+# The `lifetime` defines the time length a thread will run when it is enabled by a function.
+#
+# Uncomment lines to define specific options for thread.
+[global]
+# ebpf load mode = entry
+# apps = yes
+# cgroups = no
+# update every = 10
+# pid table size = 32768
+ ebpf type format = auto
+ ebpf co-re tracing = trampoline
+# maps per core = yes
+ lifetime = 300
+
+# List of monitored syscalls
+[syscalls]
+ shmget = yes
+ shmat = yes
+ shmdt = yes
+ shmctl = yes
diff --git a/collectors/ebpf.plugin/ebpf.d/softirq.conf b/collectors/ebpf.plugin/ebpf.d/softirq.conf
new file mode 100644
index 00000000..6a47a94b
--- /dev/null
+++ b/collectors/ebpf.plugin/ebpf.d/softirq.conf
@@ -0,0 +1,11 @@
+# The `ebpf load mode` option accepts the following values :
+# `entry` : The eBPF collector only monitors calls for the functions, and does not show charts related to errors.
+# `return : In the `return` mode, the eBPF collector monitors the same kernel functions as `entry`, but also creates
+# new charts for the return of these functions, such as errors.
+#
+# The `lifetime` defines the time length a thread will run when it is enabled by a function.
+#
+[global]
+# ebpf load mode = entry
+# update every = 10
+ lifetime = 300
diff --git a/collectors/ebpf.plugin/ebpf.d/swap.conf b/collectors/ebpf.plugin/ebpf.d/swap.conf
new file mode 100644
index 00000000..29d9b420
--- /dev/null
+++ b/collectors/ebpf.plugin/ebpf.d/swap.conf
@@ -0,0 +1,34 @@
+# The `ebpf load mode` option accepts the following values :
+# `entry` : The eBPF collector only monitors calls for the functions, and does not show charts related to errors.
+# `return : In the `return` mode, the eBPF collector monitors the same kernel functions as `entry`, but also creates
+# new charts for the return of these functions, such as errors.
+#
+# The eBPF collector also creates charts for each running application through an integration with the `apps.plugin`
+# or `cgroups.plugin`.
+# If you want to disable the integration with `apps.plugin` or `cgroups.plugin` along with the above charts, change
+# the setting `apps` and `cgroups` to 'no'.
+#
+# The `ebpf type format` option accepts the following values :
+# `auto` : The eBPF collector will investigate hardware and select between the two next options.
+# `legacy`: The eBPF collector will load the legacy code. Note: This has a bigger overload.
+# `co-re` : The eBPF collector will use latest tracing method. Note: This is not available on all platforms.
+#
+# The `ebpf co-re tracing` option accepts the following values:
+# `trampoline`: This is the default mode used by the eBPF collector, due the small overhead added to host.
+# `probe` : This is the same as legacy code.
+#
+# The `maps per core` defines if hash tables will be per core or not. This option is ignored on kernels older than 4.6.
+#
+# The `lifetime` defines the time length a thread will run when it is enabled by a function.
+#
+# Uncomment lines to define specific options for thread.
+[global]
+# ebpf load mode = entry
+# apps = yes
+# cgroups = no
+# update every = 10
+# pid table size = 32768
+ ebpf type format = auto
+ ebpf co-re tracing = trampoline
+# maps per core = yes
+ lifetime = 300
diff --git a/collectors/ebpf.plugin/ebpf.d/sync.conf b/collectors/ebpf.plugin/ebpf.d/sync.conf
new file mode 100644
index 00000000..a086ed4d
--- /dev/null
+++ b/collectors/ebpf.plugin/ebpf.d/sync.conf
@@ -0,0 +1,43 @@
+# The `ebpf load mode` option accepts the following values :
+# `entry` : The eBPF collector only monitors calls for the functions, and does not show charts related to errors.
+# `return : In the `return` mode, the eBPF collector monitors the same kernel functions as `entry`, but also creates
+# new charts for the return of these functions, such as errors.
+#
+# The eBPF collector also creates charts for each running application through an integration with the `apps.plugin`
+# or `cgroups.plugin`.
+# If you want to disable the integration with `apps.plugin` or `cgroups.plugin` along with the above charts, change
+# the setting `apps` and `cgroups` to 'no'.
+#
+# The `ebpf type format` option accepts the following values :
+# `auto` : The eBPF collector will investigate hardware and select between the two next options.
+# `legacy`: The eBPF collector will load the legacy code. Note: This has a bigger overload.
+# `co-re` : The eBPF collector will use latest tracing method. Note: This is not available on all platforms.
+#
+# The `ebpf co-re tracing` option accepts the following values:
+# `trampoline`: This is the default mode used by the eBPF collector, due the small overhead added to host.
+# `tracepoint`: When available, the eBPF collector will use kernel tracepoint to monitor syscall.
+# `probe` : This is the same as legacy code.
+#
+# The `maps per core` defines if hash tables will be per core or not. This option is ignored on kernels older than 4.6.
+#
+# The `lifetime` defines the time length a thread will run when it is enabled by a function.
+#
+# Uncomment lines to define specific options for thread.
+[global]
+# ebpf load mode = entry
+# apps = yes
+# cgroups = no
+# update every = 10
+ ebpf type format = auto
+ ebpf co-re tracing = trampoline
+# maps per core = yes
+ lifetime = 300
+
+# List of monitored syscalls
+[syscalls]
+ sync = yes
+ msync = yes
+ fsync = yes
+ fdatasync = yes
+ syncfs = yes
+ sync_file_range = yes
diff --git a/collectors/ebpf.plugin/ebpf.d/vfs.conf b/collectors/ebpf.plugin/ebpf.d/vfs.conf
new file mode 100644
index 00000000..f511581b
--- /dev/null
+++ b/collectors/ebpf.plugin/ebpf.d/vfs.conf
@@ -0,0 +1,35 @@
+# The `ebpf load mode` option accepts the following values :
+# `entry` : The eBPF collector only monitors calls for the functions, and does not show charts related to errors.
+# `return : In the `return` mode, the eBPF collector monitors the same kernel functions as `entry`, but also creates
+# new charts for the return of these functions, such as errors.
+#
+# The eBPF collector also creates charts for each running application through an integration with the `apps.plugin`
+# or `cgroups.plugin`.
+# If you want to disable the integration with `apps.plugin` or `cgroups.plugin` along with the above charts, change
+# the setting `apps` and `cgroups` to 'no'.
+#
+# The `ebpf type format` option accepts the following values :
+# `auto` : The eBPF collector will investigate hardware and select between the two next options.
+# `legacy`: The eBPF collector will load the legacy code. Note: This has a bigger overload.
+# `co-re` : The eBPF collector will use latest tracing method. Note: This is not available on all platforms.
+#
+# The `ebpf co-re tracing` option accepts the following values:
+# `trampoline`: This is the default mode used by the eBPF collector, due the small overhead added to host.
+# `tracepoint`: When available, the eBPF collector will use kernel tracepoint to monitor syscall.
+# `probe` : This is the same as legacy code.
+#
+# The `maps per core` defines if hash tables will be per core or not. This option is ignored on kernels older than 4.6.
+#
+# The `lifetime` defines the time length a thread will run when it is enabled by a function.
+#
+# Uncomment lines to define specific options for thread.
+[global]
+# ebpf load mode = entry
+# apps = yes
+# cgroups = no
+# update every = 10
+# pid table size = 32768
+ ebpf type format = auto
+ ebpf co-re tracing = trampoline
+# maps per core = yes
+ lifetime = 300
generated by cgit v1.2.3 (git 2.39.1) at 2024-07-06 19:24:26 +0000