I think the title of this post should be the actual title from the linked page, "LTTng: an open source tracing framework for Linux". The current title ("LTTng: An open-source alternative to eBPF") seems to imply that eBPF is not open source, which is not correct.
Agreed, it's very confusing. Although I don't have any experience with it, I know what eBPF is. And when I saw the title, my first thought was "how could it not be open source?"
eBPF also does more than just tracing: it allows one to implement custom network and security policies and various other things. I don’t think LTTng does anything but tracing.
I think [this documentation page][1] does a much better job than the project homepage describing why you’d use lltng over other, related tools:
> The main distinctive features of LTTng is that it produces correlated kernel and user space traces, as well as doing so with the lowest overhead amongst other solutions. It produces trace files in the CTF format, a file format optimized for the production and analyses of multi-gigabyte data.
So it has kernel hooks as well as user space libraries for a number of different programming language runtimes like Java and Python.
Compare to eBPF, which by the way is also open-source, since it’s a kernel feature. From lltng’s documentation:
> eBPF: A subsystem in the Linux kernel in which a virtual machine can execute programs passed from the user space to the kernel.
>
> You can attach such programs to tracepoints and kprobes thanks to a system call, and they can output data to the user space when executed thanks to different mechanisms (pipe, VM register values, and eBPF maps, to name a few).