atomicturtle
Golden Pleskian
Description
Sysdig instruments your physical and virtual machines at the OS level by installing a module into the Linux kernel and capturing system calls and other OS events. Using sysdig's command line interface, you can filter and decode these events in order to extract useful information.
Sysdig can be used to inspect systems live, in real time, or to generate trace files that can be analyzed at a later stage.
Installation
1) Install the atomic repo:
wget -q -O - http://www.atomicorp.com/installers/atomic |sh
(This pipes a script fetched over plain HTTP straight into a root shell. If that is a concern, download it to a file and read it before running it.)
2) Install sysdig:
yum install sysdig
3) (optional) If you're using an ASL kernel, or are otherwise locking the system from loading kernel modules after boot, reboot so that the sysdig kernel module is loaded at boot time, before module loading is locked:
reboot
Usage: these are just a few simple examples.
Show which files are using the most I/O time for httpd:
sysdig -c topfiles_time proc.name=httpd
Show process execution time system-wide:
sysdig -c proc_exec_time
Show top server ports:
sysdig -c topports_server
Show every file opened under a web domain's document root:
sysdig evt.type=open and fd.name contains /var/www/vhosts/domainname/httpdocs/
Show the data exchanged between apache and IP 10.11.12.13:
sysdig -A -c echo_fds proc.name=httpd and fd.sip=10.11.12.13
Show what the user testuser is doing:
sysdig -c spy_users username=testuser
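The examples above all inspect the system live. The description also mentions trace files that can be analyzed later; the script below, which is an added example and not part of the original post or of sysdig itself, captures a trace for a fixed number of seconds and then runs the same kinds of queries against that file offline. It assumes sysdig is installed as described above and that it runs as root. The /var/www/vhosts/<domain>/httpdocs/ layout is the Plesk layout used in the post; the file names, durations, the 256-byte snaplen and the function names are this example's own choices, and the "what is this user doing" query uses a plain user.name filter on execve events instead of the spy_users chisel.

```shell
#!/bin/sh
# Added example, not part of the original post: capture a sysdig trace to a
# file and run the post's queries against it later, offline. Assumes sysdig
# is installed as described above and that the script runs as root (sysdig
# must load its kernel module). The vhost layout /var/www/vhosts/<domain>/
# httpdocs/ is the Plesk layout used in the post; file names, durations and
# the 256-byte snaplen are this example's own choices.

# Filter from the post for "every file opened under a web domain",
# parameterised on the domain name.
vhost_open_filter() {
    printf 'evt.type=open and fd.name contains /var/www/vhosts/%s/httpdocs/\n' "$1"
}

# Filter for data exchanged between a process and one server IP.
proc_peer_filter() {
    printf 'proc.name=%s and fd.sip=%s\n' "$1" "$2"
}

# Plain filter for "what is this user doing": completed execve calls made
# by the user. Uses the user.name field rather than the spy_users chisel.
user_exec_filter() {
    printf 'evt.type=execve and evt.dir=< and user.name=%s\n' "$1"
}

# Capture all events for N seconds into an .scap file. -M stops the capture
# after N seconds; -s 256 keeps the first 256 bytes of each I/O buffer so
# that echo_fds has payload to show when the file is read back.
capture_trace() {
    sysdig -M "$1" -s 256 -w "$2"
}

# Offline versions of the live queries from the post (-r reads the trace).
top_files_for() {   # top_files_for trace.scap httpd
    sysdig -r "$1" -c topfiles_time "proc.name=$2"
}
vhost_opens() {     # vhost_opens trace.scap example.com
    sysdig -r "$1" "$(vhost_open_filter "$2")"
}
peer_traffic() {    # peer_traffic trace.scap httpd 10.11.12.13
    sysdig -r "$1" -A -c echo_fds "$(proc_peer_filter "$2" "$3")"
}
user_commands() {   # user_commands trace.scap testuser
    sysdig -r "$1" -p '%evt.time %proc.name %proc.args' "$(user_exec_filter "$2")"
}

# Command-line entry point; with no arguments the script only defines the
# functions above, so it can also be sourced from another script.
case "${1:-}" in
    capture)  capture_trace "${2:-60}" "${3:-/root/sysdig-$(date +%Y%m%d-%H%M%S).scap}" ;;
    topfiles) top_files_for "$2" "$3" ;;
    opens)    vhost_opens "$2" "$3" ;;
    peer)     peer_traffic "$2" "$3" "$4" ;;
    user)     user_commands "$2" "$3" ;;
    "")       ;;
    *)        echo "usage: $0 capture [seconds] [file] | topfiles|opens|user <trace> <arg> | peer <trace> <proc> <ip>" >&2
              exit 2 ;;
esac
```

A capture made with `-s 256` contains the first 256 bytes of every read and write on the box, from every process, which routinely includes passwords, session cookies and private keys in flight; treat the .scap file like a credential file (root-only permissions, delete it when the investigation is over) rather than like an ordinary log.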