Sysdig Overview - draios/sysdig GitHub Wiki

Sysdig is a simple tool for deep system visibility, with native support for containers.

We built sysdig to give you easy access to the actual behavior of your Linux systems and containers. Honestly, the best way to understand sysdig is to try it - it's super easy! Or here's a quick video introduction to csysdig, the curses-based UI for sysdig: https://www.youtube.com/watch?v=UJ4wVrbP-Q8

Far too often, system-level monitoring and troubleshooting still involves logging into a machine with SSH and using a plethora of dated tools with very inconsistent interfaces. And many of these classic Linux tools break down completely in containerized environments. Sysdig unites your Linux toolkit into a single, consistent, easy-to-use interface. And sysdig's unique architecture allows deep inspection into containers, right out of the box, without having to instrument the containers themselves in any way.

Sysdig provides additional value by focusing on a few key principles:

  • offering native support for all Linux container technologies, including Docker, LXC, etc.
  • offering unified, coherent, and granular visibility into the storage, processing, network, and memory subsystems
  • making it possible to create trace files for system activity, similarly to what you can do for networks with tools like tcpdump and Wireshark, so that the problem can be analyzed at a later time, without losing important information
  • including rich system state in the trace files, so that the captured activity can be put into full context
  • offering a filtering language to dig into the information in a natural and interactive way
  • including a rich library of Lua scripts to solve common problems, which we call chisels (to carve up the data you unearthed... get it?).
  • offering a simple, intuitive, and fully customizable curses-based UI called csysdig

Think about sysdig as strace + tcpdump + htop + iftop + lsof + ...awesome sauce.

How does it work?

Sysdig instruments your physical and virtual machines at the OS level by installing into the Linux kernel and capturing system calls and other OS events. Then, using sysdig's command line interface or curses-based UI, csysdig, you can filter and decode these events in order to extract useful information. Sysdig can be used to inspect systems live in real-time, or to generate trace files that can be analyzed at a later stage.
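As an added example (not code from the sysdig project or this wiki), here is a small chisel of the kind described above: it uses sysdig's filtering language to select successful opens of files under /etc and counts them per container and process, so you can see which workloads touch configuration files, live or from a saved trace. The chisel name, the file path and the choice of fields are my assumptions.

```lua
-- etc_opens.lua: count opens of files under /etc, per container and process.
-- Assumed install path: ~/.chisels/etc_opens.lua, then run:
--   sysdig -c etc_opens            (live)
--   sysdig -r trace.scap -c etc_opens   (replay a trace file)

description = "Counts opens of files under /etc, grouped by container and process"
short_description = "Who touches /etc"
category = "Security"

-- No command line arguments for this chisel.
args = {}

-- Counters keyed by "container:process".
counts = {}

function on_init()
    -- Request the fields we want to read from each event.
    fproc = chisel.request_field("proc.name")
    fcont = chisel.request_field("container.name")
    ffname = chisel.request_field("fd.name")

    -- Only exit events (evt.dir=<) carry the resolved file name.
    -- fd.name is the full path, so the prefix test is not fooled by
    -- relative paths passed to openat().
    chisel.set_filter("evt.type in (open, openat) and evt.dir=< and fd.name startswith /etc")
    return true
end

function on_event()
    -- container.name is "host" for processes outside any container.
    local cont = evt.field(fcont) or "host"
    local proc = evt.field(fproc) or "?"
    local key = cont .. ":" .. proc
    counts[key] = (counts[key] or 0) + 1
    return true
end

function on_capture_end()
    -- Print a summary when the capture ends (Ctrl-C live, or EOF of a trace).
    print(string.format("%-40s %8s", "CONTAINER:PROCESS", "OPENS"))
    for key, n in pairs(counts) do
        print(string.format("%-40s %8d", key, n))
    end
    return true
end
```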

How can I get the most out of sysdig?

Please explore this wiki, where you will find a variety of documents that walk you through the full functionality of sysdig. For instance, here are some cool things you can do with sysdig, and here's a user guide that will introduce you to using the tool.

Happy digging!