eBPF-based PostgreSQL query tracer for Linux that captures SQL queries across multiple programming languages and environments.
pgtracer_demo.mp4
# ensure clang and llvm-strip are in PATH
go generate ./internal/bpf/
GOOS=linux GOARCH=amd64 go build -o pgtracer cmd/pgtracer/main.go
GOOS=linux GOARCH=arm64 go build -o pgtracer cmd/pgtracer/main.gosudo ./pgtracercd docker
docker-compose up --build -d
docker-compose logs -f pgtracerdocker build -t test-go-app docker/apps/go-app/
docker run --rm --network docker_pgtracer-net \
-e PGHOST=postgres \
-e PGPORT=5432 \
-e PGUSER=testuser \
-e PGPASSWORD=testpass \
-e PGDATABASE=testdb \
test-go-appdocker build -t test-python-app docker/apps/python-app/
docker run --rm --network docker_pgtracer-net \
-e PGHOST=postgres \
-e PGPORT=5432 \
-e PGUSER=testuser \
-e PGPASSWORD=testpass \
-e PGDATABASE=testdb \
test-python-appdocker build -t test-c-app docker/apps/c-app/
docker run --rm --network docker_pgtracer-net \
-e PGHOST=postgres \
-e PGPORT=5432 \
-e PGUSER=testuser \
-e PGPASSWORD=testpass \
-e PGDATABASE=testdb \
test-c-appdocker run -it --rm --network docker_pgtracer-net \
-e PGPASSWORD=testpass \
postgres:16 \
psql -h postgres -U testuser -d testdb- Go: github.com/lib/pq (including stripped binaries)
- C: libpq (dynamically linked)
- Python: psycopg2 (uses libpq)
- Automatically chooses between
BPF_MAP_TYPE_PERF_EVENT_ARRAYandBPF_MAP_TYPE_RINGBUFfor older kernel versions. - Works in container environments by attaching uprobes to procfs libraries instead of static paths.
- Uses
cilium/ebpffor statically linked zero dependency binaries that work withCGO_ENABLED=0
- Linux kernel with BTF support
- clang and llvm-strip for building