This guide covers Linux (production-ready). For macOS and Windows (beta), see the platform-specific quick starts.
Capture AI API calls from any application in 5 minutes.

Prerequisites

  • Linux with kernel 5.0+ (uname -r to check)
  • OISP Sensor installed
  • An AI application to monitor (or use our demo)

Start Capturing

  1. Start the sensor
    sudo oisp-sensor record
    
    You’ll see:
    OISP Sensor v0.2.0
    Starting capture...
    eBPF capture started
    Web UI: http://localhost:7777
    
  2. Open the Web UI
    Go to http://localhost:7777 in your browser. The dashboard shows:
    • Real-time event stream
    • Process tree (which apps are making AI calls)
    • Provider breakdown (OpenAI, Anthropic, etc.)
    • Token usage
  3. Generate AI activity
    In another terminal, make an AI API call:
    # Python example
    python3 -c "
    import openai
    client = openai.OpenAI()
    response = client.chat.completions.create(
        model='gpt-4o-mini',
        messages=[{'role': 'user', 'content': 'Hello!'}]
    )
    print(response.choices[0].message.content)
    "
    
    Or with curl:
    curl https://api.openai.com/v1/chat/completions \
      -H "Authorization: Bearer $OPENAI_API_KEY" \
      -H "Content-Type: application/json" \
      -d '{"model": "gpt-4o-mini", "messages": [{"role": "user", "content": "Hello"}]}'
    
  4. See the events
    The Web UI updates in real time, showing:
    • The AI request (model, message count)
    • The AI response (tokens used, latency)
    • Which process made the call

Try Demo Mode

No OpenAI key? Try demo mode to explore the UI:
oisp-sensor demo
This generates synthetic AI events so you can see what real events look like.

Common Options

Save to File

Export events to a JSONL file:
sudo oisp-sensor record --output events.jsonl

Filter by Process

Only capture from specific processes:
# By process name
sudo oisp-sensor record --process python

# By PID
sudo oisp-sensor record --pid 12345

Change Port

sudo oisp-sensor record --port 8080

Run Headless

No web UI, just file output:
sudo oisp-sensor record --no-web --output events.jsonl

Example Output

Here’s what a captured event looks like:

AI Request

{
  "event_type": "ai.request",
  "timestamp": "2025-01-15T10:30:00Z",
  "process": {
    "pid": 12345,
    "name": "python3",
    "exe": "/usr/bin/python3"
  },
  "data": {
    "provider": "openai",
    "model": "gpt-4o-mini",
    "request_type": "chat",
    "message_count": 1
  }
}

AI Response

{
  "event_type": "ai.response",
  "timestamp": "2025-01-15T10:30:01Z",
  "data": {
    "provider": "openai",
    "model": "gpt-4o-mini",
    "success": true,
    "usage": {
      "prompt_tokens": 10,
      "completion_tokens": 25,
      "total_tokens": 35
    },
    "latency_ms": 1250,
    "finish_reason": "stop"
  }
}
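
The JSONL written by `--output events.jsonl` can be reviewed offline. The following is an added example, not part of OISP Sensor: it counts requests per executable, sums tokens per provider and model, and lists requests from executables outside an allowlist. It assumes one event per line with the fields shown above; the allowlist and the sample lines (including a truncated final line) are constructed.

```python
import json
from collections import Counter

# Constructed sample in the shape shown above (not real capture output).
# The last line is cut short on purpose, as happens when a capture is interrupted.
SAMPLE_JSONL = """\
{"event_type": "ai.request", "timestamp": "2025-01-15T10:30:00Z", "process": {"pid": 12345, "name": "python3", "exe": "/usr/bin/python3"}, "data": {"provider": "openai", "model": "gpt-4o-mini", "request_type": "chat", "message_count": 1}}
{"event_type": "ai.response", "timestamp": "2025-01-15T10:30:01Z", "data": {"provider": "openai", "model": "gpt-4o-mini", "success": true, "usage": {"prompt_tokens": 10, "completion_tokens": 25, "total_tokens": 35}, "latency_ms": 1250, "finish_reason": "stop"}}
{"event_type": "ai.request", "timestamp": "2025-01-15T10:31:00Z", "process": {"pid": 777, "name": "curl", "exe": "/usr/bin/curl"}, "data": {"provider": "openai", "model": "gpt-4o-mini", "request_type": "chat", "message_count": 1}}
{"event_type": "ai.response", "timestamp": "2025-01-15T10:31:02Z", "data": {"provider": "openai", "model": "gpt-4o-mini", "success": true, "usage": {"prompt_tokens": 8, "completion_tokens": 12, "total_tokens": 20}}}
{"event_type": "ai.request", "timest
"""

def summarize(lines, allowed_exes):
    """Aggregate captured events; allowed_exes is a hypothetical allowlist of paths."""
    requests = Counter()   # (exe, provider, model) -> request count
    tokens = Counter()     # (provider, model) -> total tokens reported
    unexpected = []        # (timestamp, pid, exe) for executables not on the allowlist
    skipped = 0            # lines that are not a complete JSON object
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            skipped += 1
            continue
        if not isinstance(event, dict):
            skipped += 1
            continue
        data = event.get("data") or {}
        key = (data.get("provider", "?"), data.get("model", "?"))
        if event.get("event_type") == "ai.request":
            proc = event.get("process") or {}
            exe = proc.get("exe", "?")
            requests[(exe,) + key] += 1
            if exe not in allowed_exes:
                unexpected.append((event.get("timestamp"), proc.get("pid"), exe))
        elif event.get("event_type") == "ai.response":
            tokens[key] += (data.get("usage") or {}).get("total_tokens", 0)
    return requests, tokens, unexpected, skipped

if __name__ == "__main__":
    reqs, toks, odd, bad = summarize(SAMPLE_JSONL.splitlines(), {"/usr/bin/python3"})
    print(dict(reqs), dict(toks), odd, f"skipped={bad}", sep="\n")
```

To run it against a real capture, pass `open("events.jsonl")` as `lines`.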

Troubleshooting

No events appearing?

  1. Check your API key is set:
    echo $OPENAI_API_KEY  # Should not be empty
    
  2. Check the sensor is running:
    sudo oisp-sensor check
    
  3. Try with debug logging:
    # Set the variable after sudo: sudo's default env_reset drops variables set before it
    sudo RUST_LOG=debug oisp-sensor record
    

Permission errors?

The sensor needs elevated privileges for eBPF:
# Either run with sudo
sudo oisp-sensor record

# Or set file capabilities (after installation).
# Note: they apply to every user who can execute the binary.
sudo setcap cap_sys_admin,cap_bpf,cap_perfmon,cap_net_admin+ep /usr/local/bin/oisp-sensor
