forked from exein-io/pulsar

A modular and blazing fast runtime security framework for the IoT, powered by eBPF.

notashes/pulsar

Pulsar is an event-driven framework for monitoring the activity of Linux devices at runtime, powered by eBPF.

The Pulsar core modules use eBPF probes to collect events from the following sources:

  • File I/O: I/O operations on disk and memory.
  • Network: data from the network stack.
  • Processes: process information, including file execution and file opening.
  • System Activity: device activity, including system calls.

Pulsar is built with a modular design that makes it easy to adapt the core architecture to new use cases, create new modules or write custom rules.

Quickstart

Note

The following guide assumes you are on a Debian-based distribution running kernel version 5.5 or higher with BPF and BTF enabled. Visit the official Pulsar website for the full requirements and installation options available.
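A preflight check for the prerequisites named in the note above, added here as an example and not part of the Pulsar project. The function names are hypothetical, and using `/sys/kernel/btf/vmlinux` and `CONFIG_BPF_SYSCALL` as the indicators for "BTF and BPF enabled" is an assumption; the official requirements page remains authoritative.

```shell
#!/bin/sh
# Added example: verify kernel >= 5.5, BTF and BPF before installing Pulsar.

# kernel_at_least RELEASE MAJOR MINOR: 0 if RELEASE (e.g. "5.15.0-91-generic")
# is at least MAJOR.MINOR, 1 if older, 2 if RELEASE cannot be parsed.
kernel_at_least() {
    rel=${1%%[!0-9.]*}               # drop suffixes such as "-91-generic"
    major=${rel%%.*}
    rest=${rel#*.}
    minor=${rest%%.*}
    case "$major" in ''|*[!0-9]*) return 2 ;; esac
    case "$minor" in ''|*[!0-9]*) return 2 ;; esac
    [ "$major" -gt "$2" ] || { [ "$major" -eq "$2" ] && [ "$minor" -ge "$3" ]; }
}

# btf_available [PATH]: the kernel exposes its own BTF here when built with it.
btf_available() {
    [ -r "${1:-/sys/kernel/btf/vmlinux}" ]
}

# kconfig_enabled FILE OPTION: 0 if OPTION=y appears in a (possibly gzipped) config.
kconfig_enabled() {
    case "$1" in
        *.gz) gzip -dc "$1" ;;
        *)    cat "$1" ;;
    esac 2>/dev/null | grep -q "^$2=y\$"
}

pulsar_preflight() {
    rc=0
    kernel_at_least "$(uname -r)" 5 5 || { echo "FAIL kernel $(uname -r) is older than 5.5"; rc=1; }
    btf_available || { echo "FAIL no BTF at /sys/kernel/btf/vmlinux"; rc=1; }
    cfg=/proc/config.gz
    [ -r "$cfg" ] || cfg="/boot/config-$(uname -r)"
    if [ -r "$cfg" ]; then
        kconfig_enabled "$cfg" CONFIG_BPF_SYSCALL || { echo "FAIL CONFIG_BPF_SYSCALL not set in $cfg"; rc=1; }
    else
        echo "WARN no kernel config found, BPF support not checked"
    fi
    [ "$rc" -eq 0 ] && echo "OK prerequisites met"
    return "$rc"
}

# Run the checks only when asked, so the file can also be sourced.
if [ "${1:-}" = "--check" ]; then
    pulsar_preflight
fi
```

Run it with `--check` before the install step; a non-zero exit status means at least one prerequisite is missing.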

To download, install and run Pulsar, run the following in your terminal.

<command to fetch and execute the auto-install script>
sudo pulsard

You can use the Pulsar CLI to start/stop modules, log events or update the Pulsar rules and configs:

# show status of all modules
pulsar status

# view all events tracked by Pulsar
pulsar monitor

Visit this page for all the installation options available or this page for an in-depth tutorial.

Resources

  • Read the docs: understand how to set up and run Pulsar;
  • Tutorials: learn to use Pulsar step by step;
  • Roadmap: check out the plan for the next releases;
  • Support: join the Discord server for community support.

Contributing

If you're interested in contributing to Pulsar — thank you!

We have a contributing guide which will help you get involved in the project.

Community

Join the Pulsar Discord server to chat with developers, maintainers, and the whole community. You can also drop any question about Pulsar on the official GitHub discussions or use the GitHub issues for feature requests and bug reports.

License

Pulsar is licensed under two licenses — Pulsar userspace code is licensed under APACHE-2.0. Pulsar eBPF probes are licensed under GPL-2.0.
