How to use the sysdig command.

What is sysdig?

sysdig is a powerful open-source command-line tool used for system exploration, troubleshooting, and monitoring. It provides deep visibility into the activities and behavior of a Linux-based operating system, allowing users to capture, analyze, and understand system-level information in real-time.

Sysdig Features:

  • Filtering of the output is supported
  • Fast, stable and easy to use
  • Enables advanced log analysis
  • Offers forensic analysis of attacks on Linux servers (useful for ethical hackers)

Installing sysdig:

To install sysdig on a Linux distribution, you generally have a few options. The specific method might vary depending on the distribution you’re using. Here are the general steps for some common package managers:

  1. Using APT (Debian/Ubuntu):

    Open a terminal and run the following commands:

    sudo apt update
    sudo apt install sysdig
  2. Using YUM/DNF (Fedora/RHEL/CentOS):

    Run the following commands in a terminal:

    sudo yum install epel-release 
    sudo yum install sysdig

    Or with DNF:

    sudo dnf install sysdig
  3. Using Zypper (openSUSE):

    Open a terminal and run:

    sudo zypper install sysdig
  4. Using Pacman (Arch Linux):

    Run the following command in a terminal:

    sudo pacman -S sysdig
  5. Using Snap (works on various distributions):

    If your distribution supports Snap, you can install sysdig using the Snap package manager. Open a terminal and run:

    sudo snap install sysdig

How to use Sysdig?

Sysdig needs access to some critical areas such as the /proc file system and the /dev/sysdig* devices, and it also needs to auto-load the sysdig-probe kernel module, so it must be run as the root user or as a superuser via sudo.

Running the sysdig command without any arguments instantly floods the screen with so much output that it is hard to understand anything, which is why the more command is used to read it page by page:

sudo sysdig | more

Still hard to follow? Then use the following command, which gives a more useful, top-like interactive view of the same data:

sudo csysdig

Sysdig Chisels and Filters

The sysdig command has chisels and filters that allow you to narrow down the output. Let us discuss them.

Chisels: the list of available chisels, grouped by category, can be shown using the following command:

sudo sysdig -cl

To find out more information about a particular chisel, use the -i flag followed by the chisel name:

sudo sysdig -i [chisel name]

List the available field classes, fields, and their descriptions by using the following command:

sudo sysdig -l

Linux Processes Monitoring

List system processes by typing the following command:

sudo sysdig -c ps

Network Connections and I/O Monitoring

View system network connections by typing the following command:

sudo sysdig -c netstat

System File I/O Monitoring

Print the data read and written by processes by typing the following command:

sudo sysdig -c echo_fds
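The chisels and filters section above lists the chisels but does not show a filter in use, and echo_fds on a busy host is as noisy as the bare sysdig stream. A sysdig filter is an expression of the form "field operator value" (for example proc.name=bash or evt.type=open) joined with and, or and not, and it can be combined with -w and -r to record a bounded capture and replay it offline. The script below is an added example, not code from this tutorial or from the sysdig project: it assumes the capture path /tmp/sysdig-etc-opens.scap, and the SAMPLE_OPENS data is a constructed stand-in for replay output so the summary and detection helpers can be tried without root or a real capture.

```shell
#!/bin/sh
# Added example, not part of the original tutorial: it combines sysdig's
# filter syntax with an offline capture so the noisy live stream from
# "sudo sysdig | more" becomes a small, reviewable record of file opens.
# CAPTURE_FILE is an assumed path; the sample data below is constructed.

CAPTURE_FILE="${CAPTURE_FILE:-/tmp/sysdig-etc-opens.scap}"

# Record a bounded capture of file-open events under /etc.
#   -n 200  stop after 200 matching events
#   -w      write a capture file instead of printing to the terminal
# The trailing argument is a sysdig filter: "field operator value" terms
# joined with and/or/not. Root is needed because sysdig loads its driver.
capture_etc_opens() {
    command -v sysdig >/dev/null 2>&1 || { echo "sysdig is not installed" >&2; return 1; }
    sudo sysdig -n 200 -w "$CAPTURE_FILE" \
        "(evt.type=open or evt.type=openat) and fd.name contains /etc"
}

# Replay the capture (-r) with a custom output format (-p) so each line is
# just "<process> <path>". Only exit events (evt.dir=<) carry the resolved fd.
replay_etc_opens() {
    sysdig -r "$CAPTURE_FILE" -p "%proc.name %fd.name" \
        "evt.dir=< and fd.name contains /etc"
}

# Summarise "<process> <path>" lines from stdin as "count process path",
# most frequent first.
summarize_opens() {
    sort | uniq -c | sort -rn | awk '{ print $1, $2, $3 }'
}

# Simple detection pass: print processes that opened PATH and are not on
# the space-separated ALLOWED list. Reads "<process> <path>" lines on stdin.
unexpected_readers() {
    path="$1"
    allowed=" $2 "
    awk -v p="$path" -v a="$allowed" \
        '$2 == p && index(a, " " $1 " ") == 0 { print $1 }' | sort -u
}

# Constructed sample of what replay_etc_opens prints, so the two helpers
# above can be exercised without root or a real capture file.
SAMPLE_OPENS='sshd /etc/passwd
sshd /etc/passwd
bash /etc/passwd
bash /etc/hosts
cron /etc/crontab'

# Usage on a live system (requires sysdig and root):
#   capture_etc_opens && replay_etc_opens | summarize_opens
#   replay_etc_opens | unexpected_readers /etc/passwd "sshd cron"
# Usage on the constructed sample:
#   printf '%s\n' "$SAMPLE_OPENS" | summarize_opens
#   printf '%s\n' "$SAMPLE_OPENS" | unexpected_readers /etc/passwd "sshd"
```

Keeping the capture bounded with -n and filtered at record time is what makes the result reviewable; the same filter syntax works with the chisels shown above (for example, sudo sysdig -c echo_fds proc.name=sshd limits echo_fds to one process), and the replayed text is what you would hand to a simple detection pass like unexpected_readers or to a log pipeline.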

For more useful information, read the manual pages by typing the following commands:

man sysdig
man csysdig

Conclusion

In the realm of modern IT operations, where complexity is the norm and security is a constant concern, Sysdig stands as a robust solution that bridges the gap between monitoring and security. Its capabilities extend beyond basic system monitoring, offering powerful features for troubleshooting, security analysis, compliance, and more. By providing deep insights into the behavior of containers, microservices, and cloud-native environments, Sysdig empowers organizations to deliver reliable services, maintain robust security postures, and meet the demands of a fast-paced digital landscape. As technology continues to evolve, Sysdig remains a key player in ensuring the performance, security, and resilience of systems across the board.