search

cilium / tetragon

eBPF-based Security Observability and Runtime Enforcement
https://tetragon.io
Apache License 2.0
3.65k stars 369 forks source link

Export Environment Variables in a Process's Context when an event is captured #2648

Open joshuajorel opened 4 months ago

joshuajorel commented 4 months ago

Is there an existing issue for this?

Is your feature request related to a problem?

I want to enhance monitoring for a process captured by Tetragon by looking at the environment variables available to the captured process.

Describe the feature you would like

To further enhance observability within a process's context, this feature will allow specified environment variables to be exported alongside other metadata when an event is captured. Such that, when specifying a Tetragon event, you can specify which environment variables you want to export when a Tetragon event is captured. For example:

kprobes:
- call: <some_call_here>
  env: ["ENV1", "ENV2"]

would yield the following entry in the json logs:

{
  "env": {
      "ENV1": "<some_string_value_here>",
      "ENV2:  "<some_string_value_here>"
  }
}

Describe your proposed solution

No response

Code of Conduct

inliquid commented 1 month ago

Are there any updates on this?