explaingit

iovisor/bcc

Analysis updated 2026-06-21

22,400CAudience · ops devopsComplexity · 4/5Setup · hard

TLDR

BCC is a Linux toolkit for writing small monitoring programs that run inside the kernel to observe system behavior in real time, like tracking which files processes open or diagnosing disk and network latency, without rebooting or risking crashes.

Mindmap

mindmap
  root((bcc))
    What it does
      Kernel observability
      Real-time monitoring
      Safe eBPF programs
    Use cases
      File access tracing
      Disk latency diagnosis
      Network analysis
      CPU profiling
    Tech stack
      C kernel level
      Python frontend
      Lua frontend
    Requirements
      Linux 4.1 or above
      Root or CAP BPF
    Audience
      Systems engineers
      Performance analysts
Click or tap to explore — scroll the page freely

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

What do people build with it?

USE CASE 1

Monitor which files each process opens on a live Linux server in real time

USE CASE 2

Diagnose disk I/O latency and identify which operations are slowest

USE CASE 3

Trace CPU time spent in kernel functions to find performance bottlenecks

USE CASE 4

Analyze network connection patterns on a production server without taking it offline

What is it built with?

CPythonLuaeBPFLinux

How does it compare?

iovisor/bccsamypesse/how-to-make-a-computer-operating-systemfastfetch-cli/fastfetch
Stars22,40022,41122,509
LanguageCCC
Setup difficultyhardeasyeasy
Complexity4/54/52/5
Audienceops devopsdeveloperdeveloper

Figures from each repo's GitHub metadata at analysis time.

How do you get it running?

Difficulty · hard Time to first run · 1h+

Requires Linux kernel 4.1 or above with eBPF support, typically needs root or CAP_BPF privileges to run.

In plain English

BCC (BPF Compiler Collection) is a toolkit for Linux that lets you write small programs that run safely inside the operating system kernel to observe what the system is doing in real time. The technology it builds on is called eBPF (extended Berkeley Packet Filters), a feature of modern Linux that lets you attach custom monitoring code to specific points in the kernel without modifying or rebooting the system and without risking crashes. In practical terms, BCC makes it possible to answer deep diagnostic questions about a running Linux server: Which processes are opening which files? What is causing disk I/O latency? How much CPU time is spent in which kernel functions? Where are network connections going? You write a small program, run it, and get immediate visibility into system internals that would otherwise require kernel expertise or specialized hardware. BCC is mainly used by systems engineers and performance analysts who are investigating performance problems or unexpected behavior on Linux servers. It includes dozens of ready-made tools you can run directly, plus a framework for writing your own. The toolkit is written in C at the kernel level, with Python and Lua available as the front-end scripting languages for writing analysis programs. It requires Linux 4.1 or above.

Copy-paste prompts

Prompt 1
Using BCC's pre-built tools, show me how to trace which files a specific process like nginx is opening in real time on a Linux server.
Prompt 2
Write a BCC Python script that measures disk I/O latency by process name and prints a histogram every 5 seconds.
Prompt 3
How do I use BCC's opensnoop tool to detect when a specific directory is accessed by any process?
Prompt 4
I want to trace TCP connections using BCC on Linux. Show me a Python BCC script that logs new connections with source IP, destination IP, and port.
Prompt 5
What BCC tools should I use to diagnose a Linux server that has high CPU wait times?

Frequently asked questions

What is bcc?

BCC is a Linux toolkit for writing small monitoring programs that run inside the kernel to observe system behavior in real time, like tracking which files processes open or diagnosing disk and network latency, without rebooting or risking crashes.

What language is bcc written in?

Mainly C. The stack also includes C, Python, Lua.

How hard is bcc to set up?

Setup difficulty is rated hard, with roughly 1h+ to a first successful run.

Who is bcc for?

Mainly ops devops.

Open on GitHub → Explain another repo

This repo across BitVibe Labs

Scan in gitsafehub Deploy in gitdeployhub iovisor on gitmyhub

Verify against the repo before relying on details.