Announcing Sysdig 0.1.98

By Gianluca Borello
on

Oct 20 SANS Webinar! Solutions Forum 2022: Is Your SecOps Ready for Cloud and Containers?

Register Now

Bug Fixes

  • Many minor bugfixes

New and updated features

  • Container support: sysdig now supports Docker, LXC and libvirt-lxc containers, with several sub-features described below and in the documentation
  • supports to an alternate /proc file system tree (useful in containers) by setting the environment variable SYSDIG_HOST_ROOT
  • supports parsing network connections from /proc from a network namespace different than the global one
  • container information is available in the chisel API (thread table)
  • -pc and -pcontainer will use a container-friendly output format for events
  • Automated Docker builds for running sysdig:https://registry.hub.docker.com/u/sysdig/sysdig/
  • sysdig-probe-loader: new script included with sysdig to facilitate loading the sysdig-probemodule in atypic environments such as containers
  • build-sysdig-probe-binaries: new script to prebuild sysdig-probe binaries for a specific set of kernel configurations (currently CoreOS) and upload them to S3 so that they can be downloaded at runtime on environments that don’t ship kernel headers

New and updated chisels

  • lscontainers: List the running containers.
  • topcontainers_cpu: Top containers by CPU usage.
  • topcontainers_error: Top containers by number of errors.
  • topcontainers_file: Top containers by R+W disk bytes.
  • topcontainers_net: Top containers by network I/O.
  • echo_fds: container-aware (with -pc).
  • fileslower: container-aware (with -pc).
  • list_login_shells: container-aware (with -pc).
  • netlower: container-aware (with -pc).
  • proc_exec_time: container-aware (with -pc).
  • scallslower: container-aware (with -pc).
  • spy_logs: container-aware (with -pc).
  • spy_syslog: container-aware (with -pc).
  • spy_users: container-aware (with -pc).
  • stderr: container-aware (with -pc).
  • topconns: container-aware (with -pc).
  • topfiles_bytes: container-aware (with -pc).
  • topfiles_errors: container-aware (with -pc).
  • topfiles_time: container-aware (with -pc).
  • topports_server: container-aware (with -pc).
  • topprocs_cpu: container-aware (with -pc).
  • topprocs_errors: container-aware (with -pc).
  • topprocs_file: container-aware (with -pc).
  • topprocs_net: container-aware (with -pc).
  • topscalls: container-aware (with -pc).
  • topscalls_time: container-aware (with -pc).

New and updated filter fields

  • thread.cgroups: all the cgroups the thread belongs to, aggregated into a single string.
  • thread.cgroup: the cgroup the thread belongs to, for a specific subsystem. E.g.thread.cgroup.cpuacct.
  • thread.vtid: the id of the thread generating the event as seen from its current PID namespace.
  • proc.vpid: the id of the process generating the event as seen from its current PID namespace.
  • container.id: the container id.
  • container.name: the container name.
  • container.image: the container image.

New and Updated events

  • clone, execve, fork, vfork: add cgroups, vtid and vpid to the events to correctly report control group and PID namespaces information.

A blog post with an in-depth look at this new functionality will be published very soon.  Stay tuned!

Downloads

Resources

Release details

Update instructions

Installation instructions

Source code

Support

Community support is available on the sysdig mailing list.

Bugs and issues can be submitted through github.

Stay up to date

Sign up to receive our newest.