Intro to sysdig

Disclaimer

Opinions expressed are solely my own and do not express the views or opinions of my employer.

Feel free to ask questions during the presentation.

About Me

  • Red Hat Consultant
  • Specialize in Kubernetes, Docker, and OpenShift
  • 10+ years Linux administration

What is sysdig?

“Sysdig is open source, system-level exploration: capture system state and activity from a running Linux instance, then save, filter and analyze.”

strace + tcpdump + htop + iftop + lsof +
transaction tracing + awesome sauce.

User Interfaces

sysdig


# list all events (live capture needs root)
$ sudo sysdig

# list available chisels (the bundled Lua scripts)
$ sysdig -cl

# top processes by CPU usage
$ sudo sysdig -c topprocs_cpu

# top processes by network I/O in container "nginx"
# (-pc switches to the container-aware output format)
$ sudo sysdig -pc -c topprocs_net container.name=nginx

# save the first 100 events to a compressed capture file
$ sudo sysdig -n 100 -z -w dump.scap.gz

Sysdig User Guide
Sysdig Examples
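The commands above all run live. For the security-monitoring use case a responder more often records a capture and replays it offline with a filter. The script below is an added example (mine, not from the slides or the sysdig project): it shows the capture and replay commands as comments, since they need a host with the sysdig driver loaded, and then post-processes the replayed output to flag shells spawned inside containers. The capture file name, the container names "web" and "api", and the sample output lines are all assumptions, constructed by hand to match the format the replay command would print; they are not a real capture.

```shell
#!/bin/sh
# Added example, not from the slides or the sysdig project.
#
# 1. Record activity to a compressed capture (live capture needs root).
#    Stop it with Ctrl-C, or bound it with -n <count> as on the slide.
#      sudo sysdig -z -w dump.scap.gz
#
# 2. Replay the capture offline, keeping only execve exit events that happened
#    inside a container, printed one per line in a fixed field order.
#    "container.id!=host" drops host processes; "evt.dir=<" keeps the exit side
#    of the syscall, where proc.name already names the new executable.
#      sysdig -r dump.scap.gz \
#        -p "%evt.time %container.name %proc.name %proc.pname %proc.cmdline" \
#        "evt.type=execve and evt.dir=< and container.id!=host" \
#        > container_execs.txt
#
# 3. Post-process that text: fields are time, container, process, parent, and
#    the command line. Print "container process parent" for every exec of a
#    shell so the reviewer can see which container and parent spawned it.
flag_container_shells() {
    awk '$3 ~ /^(sh|bash|dash|ash|zsh)$/ { print $2, $3, $4 }'
}

# Constructed sample of step-2 output (hypothetical containers "web" and "api";
# this is hand-written test data, not a real capture).
SAMPLE_EXECS='17:42:01.123456789 web nginx nginx nginx -g daemon off;
17:42:03.456789012 web sh nginx sh -c id
17:42:05.000000001 api python3 entrypoint.sh python3 app.py
17:42:07.222222222 api bash python3 bash -i'

# Stand-alone run over the sample; on a real host replace the printf with
# "cat container_execs.txt".
printf '%s\n' "$SAMPLE_EXECS" | flag_container_shells
```

On the sample this prints two lines, `web sh nginx` and `api bash python3`. The parent column is what makes the output actionable: `sh -c id` under nginx and an interactive `bash -i` under python3 are both things a web or API container has no business doing, whereas a shell spawned by an entrypoint script is usually expected. This is the same class of rule that Sysdig Falco evaluates continuously on live events instead of after the fact on a capture.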

csysdig

csysdig screenshot

Sysdig Cloud

*Paid service

Demo

Use Cases

Tracking Server Issues

Security Monitoring

Sysdig Falco

Fishing for Hackers

Resources

@GarrettHyde

http://ghyde.github.io/slides/sysdig.html

https://github.com/draios/sysdig