Show HN: Linnix – eBPF observability that predicts failures before they happen (github.com)

Linnix is an open‑source eBPF-based Linux observability tool that combines kernel‑level process lifecycle tracing with an optional local LLM reasoning layer. The project (Show HN) ships a lightweight eBPF agent (cognitod) that hooks fork→exec→exit and samples CPU/memory, claiming <1% CPU overhead, real‑time SSE streaming, Prometheus metrics and a web dashboard. It includes a built‑in rules engine for immediate incident detection (fork storms, runaway processes, CPU spikes) and can optionally attach a distilled 3B model (linnix-3b, 2.1GB quantized) or any OpenAI‑compatible LLM for natural‑language incident explanations and remediation suggestions. This matters because it brings low‑overhead, privacy‑first observability with automated reasoning to on‑prem clusters at a fraction of commercial APM costs. Technically, Linnix is production‑ready on kernel ≥5.8, exposes a REST API (port 3000) and SSE stream, integrates with Prometheus/Grafana, and supports local inference via llama.cpp, vLLM or Ollama; the repo provides automated setup, Docker images, and a distilled model optimized for CPU (~12.8 tok/s). Licensed Apache‑2.0 and implemented in Rust with eBPF programs, Linnix positions itself as “Prometheus for process lifecycle” with optional AI insights—useful for teams wanting fast, explainable incident context without vendor lock‑in.