Tracee now natively supports Fluent Bit and Fluentd

Logo of eBPF with a partial green circle overlaying a yellow hexagonal pattern resembling a honeycomb, subtly incorporating elements reminiscent of Fluent Bit's seamless data pipeline.
ACF Image Blog

Easily add eBPF data to your monitoring efforts using Aquasec’s Tracee tool’s new native support for Fluent Bit and Fluentd.

Pat Stephens
Pat Stephens | Member of Technical Staff | Chronosphere

I have over 20 years experience in software engineering, primarily in the defence domain at Thales. The last few years of this were focused on transformation first to containers then Kubernetes. After Thales I worked on the cloud native team at Couchbase, working on their Golang-based Kubernetes operator. This included producing a custom Fluent Bit deployment for observability needs. Calyptia (founded by the Fluent maintainers) then approached me to come work with them building out their observability products. I joined Chronosphere with their acquisition of Calyptia.

2 MINS READ

The newest version of Aquasec’s Tracee tool (v0.12.0) now supports sending all events directly to Fluent Bit or Fluentd via the Fluent Forward receiver. This enables Tracee users to take advantage of the Fluent projects’ powerful in-stream processing and filtering capabilities before forwarding the output to any of the dozens of backends supported by the projects. Users familiar with the Fluentd logging driver for Docker will recognize a similar approach.

Last summer, we demonstrated a way to integrate Tracee and Fluent Bit, but that process required us to output the eBPF from Tracee as JSON and forward it to a log file that the Fluent Bit service could then read. With support for the Fluent Forward receiver now native with Tracee, the millions of Fluent users can now easily add eBPF data into their observability efforts, allowing kernel layer insights. You could, for example, send eBPF data through Fluent Bit to Grafana Loki, or even Loki, Chronosphere, Elasticsearch, and Splunk all at the same time.

The support for Fluent Forward receiver was made possible by a PR from Chronosphere’s Patrick Stephens (@patrick-stephens).

For information on how to configure Tracee to send data to Fluent, check out the Tracee docs. Be aware that Tracee v0.12 includes some breaking changes, so exercise appropriate caution as you begin to explore this new feature.

About Fluent Bit and Chronosphere

With Chronosphere’s acquisition of Calyptia in 2024, Chronosphere became the primary corporate sponsor of Fluent Bit. Eduardo Silva — the original creator of Fluent Bit and co-founder of Calyptia — leads a team of Chronosphere engineers dedicated full-time to the project, ensuring its continuous development and improvement.

Fluent Bit is a graduated project of the Cloud Native Computing Foundation (CNCF) under the umbrella of Fluentd, alongside other foundational technologies such as Kubernetes and Prometheus. Chronosphere is also a silver-level sponsor of the CNCF.

Share This: