sysdig

Sysdig captures system calls and other system-level events using a Linux kernel facility called tracepoints, providing a rich set of real-time, system-level information.

Sysdig “packetizes” this information, so that you can do things like save it into trace files and easily filter it, much as you would with tcpdump. This makes it a flexible way to explore what processes are doing.

Sysdig instruments your physical and virtual machines at the OS level by installing into the Linux kernel and capturing system calls and other OS events. Then, using sysdig’s command line interface, you can filter and decode these events in order to extract useful information. Sysdig can be used to inspect systems live in real time, or to generate trace files that can be analyzed at a later stage.

#### Networking

* See the top processes in terms of network bandwidth usage

> sysdig -c topprocs_net

#### Containers

* View the CPU usage of the processes running inside the wordpress1 container

> sudo sysdig -pc -c topprocs_cpu container.name=wordpress1

#### Application

* See all the GET HTTP requests made by the machine

> sudo sysdig -s 2000 -A -c echo_fds fd.port=80 and evt.buffer contains GET

#### Disk I/O

* See the top processes in terms of disk bandwidth usage

> sysdig -c topprocs_file

#### Processes and CPU usage

* See the top processes in terms of CPU usage

> sysdig -c topprocs_cpu
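The commands above all inspect the live system. The capture-then-analyze workflow described earlier (record once into a trace file, then run several filtered views over the same file) looks like the script below. This is an added example, not code from the sysdig project; it assumes sysdig is installed, that the capture step runs with root privileges via sudo, and that `-M` (stop after N seconds), `-w` (write trace) and `-r` (read trace) behave as in the sysdig CLI. The `build_filter` helper and the `SYSDIG_DEMO` switch are inventions of this example; the container name `wordpress1`, port 80 and the `GET` substring are the page's own values.

```shell
#!/bin/sh
# Added example, not part of the sysdig project: capture once, then replay the
# trace file with different filters. Requires sysdig; the live capture runs
# under sudo. Nothing runs unless SYSDIG_DEMO=1 is set in the environment.

# append_term "<existing filter>" "<term>": join two filter terms with " and ",
# or return the term alone when the existing filter is empty.
append_term() {
    if [ -z "$1" ]; then printf '%s' "$2"; else printf '%s and %s' "$1" "$2"; fi
}

# build_filter <container> <port> <needle>: compose a sysdig filter from
# optional pieces. Any empty argument is skipped, so the same helper yields
# "container.name=wordpress1" or
# "fd.port=80 and evt.buffer contains GET" depending on what is supplied.
build_filter() {
    f=""
    [ -z "$1" ] || f=$(append_term "$f" "container.name=$1")
    [ -z "$2" ] || f=$(append_term "$f" "fd.port=$2")
    [ -z "$3" ] || f=$(append_term "$f" "evt.buffer contains $3")
    printf '%s' "$f"
}

# capture_trace <seconds> <outfile>: record every event for the given number
# of seconds into a trace file that can be analyzed later, possibly elsewhere.
capture_trace() {
    sudo sysdig -M "$1" -w "$2"
}

# replay_http <tracefile> <filter>: read the trace back and print the I/O
# buffers of matching file descriptors. -s 2000 raises the captured bytes per
# event so request lines are not truncated; -A prints them as ASCII.
replay_http() {
    sysdig -r "$1" -s 2000 -A -c echo_fds "$2"
}

# replay_top_cpu <tracefile> <filter>: container-aware (-pc) CPU ranking over
# the same trace file, restricted by the supplied filter.
replay_top_cpu() {
    sysdig -r "$1" -pc -c topprocs_cpu "$2"
}

main() {
    trace="${TMPDIR:-/tmp}/sysdig-demo.scap"   # constructed output path
    capture_trace 10 "$trace"
    # Two different questions answered from one recording:
    replay_http "$trace" "$(build_filter wordpress1 80 GET)"
    replay_top_cpu "$trace" "$(build_filter wordpress1 "" "")"
}

if [ "${SYSDIG_DEMO:-0}" = 1 ]; then main; fi
```

Run it with `SYSDIG_DEMO=1 sh sysdig-demo.sh`. Because the trace file is the unit of analysis, the replay functions can be re-run with new filters without touching the production host again, which is the point of the packetized design described above.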

#### Performance and Errors

#### Security

User Guide: https://github.com/draios/sysdig/wiki/Sysdig%20User%20Guide

Source code: https://github.com/draios/sysdig

Support website: http://www.sysdig.org/
