Posted on August 11, 2023 by nexonhost
What is sysdig?
sysdig is a powerful open-source command-line tool used for system exploration, troubleshooting, and monitoring. It provides deep visibility into the activities and behavior of a Linux-based operating system, allowing users to capture, analyze, and understand system-level information in real time.
Sysdig Features:
- Output filtering is supported
- Fast, stable and easy to use
- Enables advanced log analysis
- Offers Linux server attack (forensics) analysis features for ethical hackers
Installing sysdig:
To install sysdig on a Linux distribution, you generally have a few options. The specific method might vary depending on the distribution you're using. Here are the general steps for some common package managers:
- Using APT (Debian/Ubuntu):
Open a terminal and run the following commands:
sudo apt update
sudo apt install sysdig
- Using YUM/DNF (Fedora/RHEL/CentOS):
Run the following commands in a terminal:
sudo yum install epel-release
sudo yum install sysdig
Or with DNF:
sudo dnf install sysdig
- Using Zypper (openSUSE):
Open a terminal and run:
sudo zypper install sysdig
- Using Pacman (Arch Linux):
Run the following command in a terminal:
sudo pacman -S sysdig
- Using Snap (works on various distributions):
If your distribution supports Snap, you can install sysdig using the Snap package manager. Open a terminal and run:
sudo snap install sysdig
How to use Sysdig?
Sysdig needs access to some critical areas such as the /proc file system and the /dev/sysdig* devices, and it also needs to auto-load the sysdig-probe kernel module, therefore it needs to be run as the root user or via sudo.
Running the sysdig command without any arguments instantly floods your screen with output that is hard to make sense of, which is why the more command is used to view it page by page:
sudo sysdig | more
Still hard to follow? Then use csysdig, the interactive interface, to get a more readable view:
sudo csysdig
Sysdig Chisels and Filters
The sysdig command supports chisels and filters that let you narrow down the output. Let us discuss them.
Chisels: the list of available chisels, grouped by category, can be shown using the following command:
sudo sysdig -cl
To find out more information about a particular chisel, including the arguments it accepts, use the -i flag with the chisel name:
sudo sysdig -i [chisel name]
List the available field classes, fields, and their descriptions by using the following command:
sudo sysdig -l
Linux Processes Monitoring
List system processes by typing the following command:
sudo sysdig -c ps
Network Connections and I/O Monitoring
View system network connections by typing the following command:
sudo sysdig -c netstat
System File I/O Monitoring
Show the data read and written by processes by typing the following command:
sudo sysdig -c echo_fds
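As an added example (not from the original post), the following shell script shows the kind of filter-style analysis that the chisels-and-filters section and the file I/O section describe, applied offline to a few constructed event lines in sysdig's default output format (event number, time, CPU, process name, thread id, direction, event type, arguments). The SAMPLE_EVENTS variable, the sample events themselves and the two function names are assumptions made for this illustration; the comments give the equivalent live sysdig invocations, which need root as explained above.

```shell
# Constructed sample of sysdig's default text output (assumption: these
# lines were not captured from a real host). Field layout per line:
#   evt.num evt.outputtime evt.cpu proc.name (thread.tid) evt.dir evt.type evt.info...
# evt.dir is ">" for a system call entering the kernel and "<" for its return.
SAMPLE_EVENTS='1 14:11:21.562145098 0 cat (12345) > open
2 14:11:21.562150000 0 cat (12345) < open fd=3(<f>/etc/passwd) name=/etc/passwd flags=1(O_RDONLY) mode=0
3 14:11:21.562200000 1 sshd (811) > read fd=5(<4t>10.0.0.5:51234->10.0.0.1:22) size=16384
4 14:11:21.562300000 1 sshd (811) < read res=52 data=...
5 14:11:21.562400000 0 cat (12345) > write fd=1(<f>/dev/pts/0) size=1024
6 14:11:21.562500000 0 bash (12000) < openat fd=4(<f>/etc/shadow) dirfd=-100(AT_FDCWD) name=/etc/shadow flags=1(O_RDONLY) mode=0'

# Count completed system calls (exit direction "<") per process name.
# Live equivalent: sudo sysdig -p "%proc.name" "evt.dir=<" | sort | uniq -c
count_events_per_proc() {
    printf '%s\n' "$SAMPLE_EVENTS" |
        awk '$6 == "<" { n[$4]++ }
             END { for (p in n) printf "%s %d\n", p, n[p] }' |
        sort
}

# List which process opened which file, taken from the name= argument of
# completed open/openat calls. This is the offline counterpart of a live
# sysdig filter such as:
#   sudo sysdig -p "%proc.name %fd.name" "evt.type in (open, openat) and evt.dir=< and fd.name contains /etc/"
list_file_opens() {
    printf '%s\n' "$SAMPLE_EVENTS" |
        awk '$6 == "<" && ($7 == "open" || $7 == "openat") {
                 for (i = 8; i <= NF; i++)
                     if ($i ~ /^name=/) { sub(/^name=/, "", $i); print $4, $i }
             }'
}

# Run both summaries when the script is executed directly.
count_events_per_proc
list_file_opens
```

The same awk logic works on a file produced with `sudo sysdig -w capture.scap` and replayed with `sudo sysdig -r capture.scap`, which lets you keep the noisy raw stream off the terminal and analyse it afterwards; the live filter shown in the comment is usually the better choice on a running host because it reduces the volume before anything is written out.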
For getting more useful information read the manual by typing the following command:
man sysdig
man csysdig
Conclusion
In the realm of modern IT operations, where complexity is the norm and security is a constant concern, Sysdig stands as a robust solution that bridges the gap between monitoring and security. Its capabilities extend beyond basic system monitoring, offering powerful features for troubleshooting, security analysis, compliance, and more. By providing deep insights into the behavior of containers, microservices, and cloud-native environments, Sysdig empowers organizations to deliver reliable services, maintain robust security postures, and meet the demands of a fast-paced digital landscape. As technology continues to evolve, Sysdig remains a key player in ensuring the performance, security, and resilience of systems across the board.