Container Enabled Chisels - draios/sysdig GitHub Wiki

sysdig now supporting Docker, LXC, and libvirt-lxc containers and the following chisels have been added or modified to enable their support.

Examples

• sudo sysdig -cl # -cl, --list-chisels lists the available chisels
• sudo sysdig -i lscontainers # -i chiselname, --chisel-info chiselname list chisel's details
• sudo sysdig -c lscontainers
• sudo sysdig -pc -c topprocs_cpu
• sudo sysdig -pcontainer -c topprocs_cpu

New Container Specific Chisels

• lscontainers: List the running containers.
• topcontainers_cpu: Top containers by CPU usage.
• topcontainers_error: Top containers by number of errors.
• topcontainers_file: Top containers by R+W disk bytes.
• topcontainers_net: Top containers by network I/O.

Updated Chisels Supporting Containers

Specifically this means each one of these are container aware with either the -pc or -pcontainer sysdig option flag.

• echo_fds: Print the data read and written by processes.
• fileslower: Trace slow file I/O.
• list_login_shells: List the login shell IDs.
• netlower: Trace slow network I/0.
• proc_exec_time: Show process execution time.
• scallslower: Trace slow syscalls.
• spy_logs: Echo any write made by any process to a log file.
• spy_syslog: Print every message written to syslog.
• spy_users: Display interactive user activity.
• stderr: Print stderr of processes.
• topconns: Top network connections by total bytes.
• topfiles_bytes: Top files by R+W bytes.
• topfiles_errors: Top files by number of errors.
• topfiles_time: Top files by time.
• topports_server: Top TCP/UDP server ports by R+W bytes.
• topprocs_cpu: Top processes by CPU usage.
• topprocs_errors: Top processes by number of errors.
• topprocs_file: Top processes by R+W disk bytes.
• topprocs_net: Top processes by network I/O.
• topscalls: Top system calls by number of calls.
• topscalls_time: Top system calls by time.

Chisels Documentation

• User Guide
• How to Write a Chisel
• Chisel API Reference Manual