
How to install and use Sysdig in Linux

2025-02-24 Update From: SLTechnology News&Howtos


Shulou(Shulou.com)06/01 Report--

This article mainly shows you how to install and use Sysdig in Linux. The content is simple, easy to understand and clearly organized; I hope it helps clear up your doubts. Let the editor take you through "how to install and use Sysdig in Linux".

Sysdig is a system tool that is more powerful than strace, tcpdump, and lsof combined. It can capture system state information, save it to a file, and filter and analyze it. Developed using Lua, it provides both a command line interface and a powerful interactive interface.

Installing Sysdig

For this tutorial we use the automated installation process provided by the official website, because it is simple, shorter, and independent of the distribution version. The installation script detects the operating system and installs the necessary dependency packages itself.

Run the following command as root to install sysdig from the official apt/yum repository. The script is downloaded and piped straight into a shell, so if you prefer, save it to a file and read it before running it:

# curl -s https://s3.amazonaws.com/download.draios.com/stable/install-sysdig | sudo bash

After installation, we can get a feel for it by running sysdig with no arguments:

# sysdig

Our screen will fill up with all the events happening on the system at once, and it will not be easy for us to do more with this information. To further process, we can run:

# sysdig -cl | less

to see the list of available chisels. The following categories are available by default, each with multiple built-in chisels:

· CPU Usage
· Errors
· I/O
· Logs
· Misc
· Net
· Performance
· Security
· System State

To display information about a specific chisel, including detailed command-line usage, run the following command (note that "-i" takes a chisel name, while "-cl" lists all chisels):

# sysdig -i [chisel name]

For example, we can check the information about the spy_port chisel under the "Net" category:

# sysdig -i spy_port

Chisels can be combined with filters, which can be applied both to live data and to capture files, to get more useful output.

Filters follow the "class.field" structure. For example:

· fd.cip: client IP address.
· evt.dir: event direction, '>' for enter events or '<' for exit events.

Sysdig Instance: Server Performance Troubleshooting

Suppose your server is experiencing performance problems (e.g., no response, or significant response delays). You can use a bottleneck chisel to display a list of the current 10 slowest system calls.

Use the following command to perform a live check on the running server. The "-c" flag followed by a chisel name tells sysdig to run that chisel.

# sysdig -c bottlenecks

Alternatively, you can perform performance analysis on the server offline. In this case, you can save the complete sysdig record to a file and then run the bottleneck chisel against the record as follows.

First, save the sysdig record (use Ctrl+c to stop collecting):

# sysdig -w trace.scap

After collecting the records, you can run the following command to check for the slowest system call in the capture interval:

# sysdig -r trace.scap -c bottlenecks

You need to focus on columns #2,#3, and #4, which indicate execution time, process name, and PID, respectively.

Sysdig Instance: Monitoring Interactive User Activity

Suppose you, as a system administrator, want to monitor interactive user activity in your system (e.g., what commands users enter on the command line and what directories users go to). The spy_user chisel comes in handy.

Let's start by collecting a sysdig record with some extra options.

# sysdig -s 4096 -z -w /mnt/sysdig/$(hostname).scap.gz

· "-s 4096" tells sysdig to capture 4096 bytes per event.
· "-z" (used with "-w") enables compression of the capture file.
· "-w <file>" saves the sysdig record to the specified file.

In the example above, we customized the name of the compressed log file on a per-host basis. Remember, you can interrupt sysdig execution by pressing Ctrl+c at any time.

After we have collected a reasonable amount of data, we can view each user's interaction by running the following command:

# sysdig -r /mnt/sysdig/debian.scap.gz -c spy_users

The first column of the output above represents the PID of the process associated with the activity of the specified user.

What if you wanted to locate a specific user and monitor only that user's activities? You can filter the results of spy_users chisels by username:

# sysdig -r /mnt/sysdig/debian.scap.gz -c spy_users "user.name=xmodulo"

Sysdig Instance: Monitoring File I/O

We can customize the output format of sysdig records using the "-p" flag and specify the desired fields enclosed in double quotes (such as user name, process name, and file or socket name). In this example, we will create a log file that will contain only write events in the home directory (we can later use "sysdig -r writetrace.scap.gz" to detect this file).

# sysdig -p "%user.name %proc.name %fd.name" "evt.type=write and fd.name contains /home/" -z -w writetrace.scap.gz

Sysdig Instance: Monitoring Network I/O

As part of server troubleshooting, you may want to monitor network traffic, which is usually done by tcpdump. For sysdig, communication sniffing is easy and the style is more user-friendly.

For example, you can examine the data (in ASCII form) exchanged with a specific IP address by a specific process (such as apache2). The two conditions are joined with "and" to form a single filter expression:

# sysdig -s 4096 -A -c echo_fds -r /mnt/sysdig/debian.scap.gz "fd.cip=192.168.0.100 and proc.name=apache2"

If you want to see the raw data transfers (binary, shown as a hex dump), replace "-A" with "-X":

# sysdig -s 4096 -X -c echo_fds -r /mnt/sysdig/debian.scap.gz "fd.cip=192.168.0.100 and proc.name=apache2"
