Observability & Metrics
ServOS uses the unified servos-agent on each commissioned server to collect the operational data the control plane needs without turning the agent into a general-purpose security sensor.
Architecture
The agent has a deliberately small contract:
- reconcile WireGuard mesh state
- emit mesh wakeups through a compact eBPF classifier when available
- collect host metrics through
/proc - collect container metrics through Docker
- push structured metrics to the control plane
The eBPF component is mesh-only. It is not used for HTTP tracing, syscall auditing, block I/O tracing, or application performance monitoring.
Graceful Degradation
If eBPF is unavailable, mesh wakeups fall back to normal polling. Metrics collection still works through /proc and Docker, so older kernels can continue to report basic health.
Collected Metrics
Host Metrics
- CPU usage and load averages
- memory usage
- disk throughput and capacity
- network throughput
- uptime and context-switch counters from
/proc
Container Metrics
- per-container CPU and memory usage
- network and block I/O totals
- process counts
- state, status, labels, and health where Docker exposes them
Mesh Metrics
- WireGuard interface status
- configured peer count
- active peer count based on recent handshakes
- current mesh revision
Agent Self-Monitoring
- agent CPU usage
- RSS and virtual memory
- open file descriptors
- thread count
Runtime Modes
- Daemon Mode (
daemon): reconciles mesh state and pushes metrics to the control plane. - Query Mode (
query <subsystem>): outputs current local state as JSON for debugging. - Buffered Ingestion: the API ingestor buffers incoming metrics before database writes.
Visualization
Metrics are visualized in the ServOS dashboard:
- server resource graphs
- container status and resource usage
- mesh health
- agent overhead