tracee VS jaeger

There're many other tools: https://github.com/aquasecurity/tracee from AquaSecurity for example

You can also use tracee, or auditd

If you're interested specifically in bash, you can look into bcc's bashreadline to output user commands. If you're interested in applying security policies to potential user commands, you can also take a look at Tracee although other open source solutions exist here as well.

Falco is a cloud native Kubernetes threat detection tool. It can detect unexpected behavior, intrusions, and data theft in real time. In the backend, it uses Linux eBPF technology to trace your system and applications at runtime. For example, it can detect if someone tries to read a secret file inside a container, access a pod as a root user, etc, and trigger a webhook or send logs to the monitoring system. There are similar tools like Tetragon, KubeArmor, and Tracee which also provide Kubernetes runtime security.

Aqua Security | Open Source Engineer (Go) | Remote

Aqua Security provides the next generation of Cloud Native security solutions, and open source has been core to our DNA and strategy. Our Open Source team is fully remote worldwide.

- https://github.com/aquasecurity/starboard : Kubernetes security, api-machinery and operators, security tool orchastration.

- https://github.com/aquasecurity/trivy : Vulnerability and misconfiguration scanning, image/packages/code, static analysis.

- https://github.com/aquasecurity/tracee : Runtime security, detect suspicious behavior, Linux and eBPF.

I'm the hiring manager, feel free to DM me on twitter @itaysk if you have questions.

Apply here: https://www.aquasec.com/about-us/careers/co/engineering/81.E...

I will also be looking for an Engineering Manager to join the team soon. Responsibilities include people management, product direction, cross-team collaboration enablement. Need to understand the cloud native and opens source landscape. If you're interested please DM me on Twitter since the job posting isn't up yet.

Besides opensnitch to monitor outbound connections you can use https://github.com/aquasecurity/tracee/tree/main/tracee-ebpf or the bpfcc-tools (apt install bpfcc-tools, opensnoop-bpfcc, execsnoop-bpfcc, tcpconnect-bpfcc, etc) to monitor the system, just in case there's something still running.

Aqua Security provides the next generation of Cloud Native security solutions, and open source has been a core part to our DNA and strategy. Our Open Source team is fully remote worldwide. We are looking to expand with:

- Golang / Kubernetes engineer for https://github.com/aquasecurity/starboard

- Golang engineer for https://github.com/aquasecurity/trivy

- eBPF/kernel developer for https://github.com/aquasecurity/tracee

I'm the hiring manager, feel free to DM me on twitter @itaysk if you have questions.

Apply here: https://www.aquasec.com/about-us/careers/co/engineering/81.E...

Jaeger maps the flow of requests and data as they traverse a distributed system. These requests may make calls to multiple services, which may introduce their own delays or errors. https://www.jaegertracing.io/

As engineers at past startups, we often had to debug slow queries, poor load times, inconsistent errors, etc... While tools like Jaegar [2] helped us inspect server-side performance, we had no way to tie user events to the traces we were inspecting. In other words, although we had an idea of what API route was slow, there wasn’t much visibility into the actual bottleneck.

This is where our performance product comes in: we’re rethinking a tracing/performance tool that focuses on bridging the gap between the client and server.

What’s unique about our approach is that we lean heavily into creating traces from the frontend. For example, if you’re using our Next.js SDK, we automatically connect browser HTTP requests with server-side code execution, all from the perspective of a user. We find this much more powerful because you can understand what part of your frontend codebase causes a given trace to occur. There’s an example here [3].

From an instrumentation perspective, we’ve built our SDKs on-top of OTel, so you can create custom spans to expand highlight-created traces in server routes that will transparently roll up into the flame graph you see in our UI. You can also send us raw OTel traces and manually set up the client-server connection if you want. [4] Here’s an example of what a trace looks like with a database integration using our Golang GORM SDK, triggered by a frontend GraphQL query [5] [6].

In terms of how it's built, we continue to rely heavily on ClickHouse as our time-series storage engine. Given that traces require that we also query based on an ID for specific groups of spans (more akin to an OLTP db), we’ve leveraged the power of CH materialized views to make these operations efficient (described here [7]).

To try it out, you can spin up the project with our self hosted docs [8] or use our cloud offering at app.highlight.io. The entire stack runs in docker via a compose file, including an OpenTelemetry collector for data ingestion. You’ll need to point your SDK to export data to it by setting the relevant OTLP endpoint configuration (ie. environment variable OTEL_EXPORTER_OTLP_LOGS_ENDPOINT [9]).

Overall, we’d really appreciate feedback on what we’re building here. We’re also all ears if anyone has opinions on what they’d like to see in a product like this!

[1] https://github.com/highlight/highlight/blob/main/LICENSE

[2] https://www.jaegertracing.io

[3] https://app.highlight.io/1383/sessions/COu90Th4Qc3PVYTXbx9Xe...

[4] https://www.highlight.io/docs/getting-started/native-opentel...

[5] https://static.highlight.io/assets/docs/gorm.png

[6] https://github.com/highlight/highlight/blob/1fc9487a676409f1...

[7] https://highlight.io/blog/clickhouse-materialized-views

[8] https://www.highlight.io/docs/getting-started/self-host/self...

[9] https://opentelemetry.io/docs/concepts/sdk-configuration/otl...

For the request following, something like jeager https://www.jaegertracing.io/, because you are talking more about tracing than necessarily logging. For just monitoring, https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack would be the starting point, then it depends. Nginx gives metrics out of the box, then you can pull in the dashboard like https://grafana.com/grafana/dashboards/14314-kubernetes-nginx-ingress-controller-nextgen-devops-nirvana/ , or full metal with something like service mesh monitoring which would provably fulfil most of the requirements

Have you checked out Jaeger [1]? It is lightweight enough for a personal project, but featureful enough to really help "turn on the lightbulb" with other engineers to show them the difference between logging/monitoring and tracing.

[1] https://www.jaegertracing.io/

From the perspective of the realization of GraphQL infrastructure, the interesting direction is "Finding". How to find the problem? How to find the bottleneck of the system? Distributed Tracing System (DTS) will help answer this question. Distributed tracing is a method of observing requests as they propagate through distributed environments. In our scenario, we have dozens of subgraphs, gateway, and transport layer through which the request goes. We have several tools that can be used to detect the whole lifecycle of the request through the system, e.g. Jaeger, Zipkin or solutions that provided DTS as a part of the solution NewRelic.

Jaeger is an open-source, distributed tracing system that monitors and troubleshoots the flow of requests through complex, microservices-based applications, providing a comprehensive view of system interactions.

However, ensuring fault tolerance in distributed systems is not at all easy. These systems are complex, with multiple nodes or components working together. A failure in one node can cascade across the system if not addressed timely. Moreover, the inherently distributed nature of these systems can make it challenging to pinpoint the exact location and cause of fault - that is why modern systems rely heavily on distributed tracing solutions pioneered by Google Dapper and widely available now in Jaeger and OpenTracing. But still, understanding and implementing fault tolerance becomes not just about addressing the failure but predicting and mitigating potential risks before they escalate.

In this article, we'll use HoneyComb.io as our tracing backend. While there are other tools in the market, some of which can be run on your local machine (e.g., Jaeger), I chose HoneyComb because of their complementary tools that offer improved monitoring of the service and insights into its behavior.

The best way to do this, is with the help of tracing tools such as paid tools such as Honeycomb, or your own instance of the open source Jaeger offering, or perhaps Encore's built in tracing system.

In this example, I will create 3 Node.js services (shipping, notification, and courier) using Amplication, add traces to all services, and show how to analyze trace data using Jaeger.