Announcing Sysdig 0.1.98

Bug Fixes

  • Many minor bugfixes

New and updated features

  • Container support: sysdig now supports Docker, LXC and libvirt-lxc containers, with several sub-features described below and in the documentation
  • supports an alternate /proc file system tree (useful in containers) by setting the environment variable SYSDIG_HOST_ROOT
  • supports parsing network connections from /proc from a network namespace different from the global one
  • container information is available in the chisel API (thread table)
  • -pc and -pcontainer will use a container-friendly output format for events
  • Automated Docker builds for running sysdig: https://registry.hub.docker.com/u/sysdig/sysdig/
  • sysdig-probe-loader: new script included with sysdig to facilitate loading the sysdig-probe module in atypical environments such as containers
  • build-sysdig-probe-binaries: new script to prebuild sysdig-probe binaries for a specific set of kernel configurations (currently CoreOS) and upload them to S3 so that they can be downloaded at runtime on environments that don’t ship kernel headers

New and updated chisels

  • lscontainers: List the running containers.
  • topcontainers_cpu: Top containers by CPU usage.
  • topcontainers_error: Top containers by number of errors.
  • topcontainers_file: Top containers by R+W disk bytes.
  • topcontainers_net: Top containers by network I/O.
  • echo_fds: container-aware (with -pc).
  • fileslower: container-aware (with -pc).
  • list_login_shells: container-aware (with -pc).
  • netlower: container-aware (with -pc).
  • proc_exec_time: container-aware (with -pc).
  • scallslower: container-aware (with -pc).
  • spy_logs: container-aware (with -pc).
  • spy_syslog: container-aware (with -pc).
  • spy_users: container-aware (with -pc).
  • stderr: container-aware (with -pc).
  • topconns: container-aware (with -pc).
  • topfiles_bytes: container-aware (with -pc).
  • topfiles_errors: container-aware (with -pc).
  • topfiles_time: container-aware (with -pc).
  • topports_server: container-aware (with -pc).
  • topprocs_cpu: container-aware (with -pc).
  • topprocs_errors: container-aware (with -pc).
  • topprocs_file: container-aware (with -pc).
  • topprocs_net: container-aware (with -pc).
  • topscalls: container-aware (with -pc).
  • topscalls_time: container-aware (with -pc).

New and updated filter fields

  • thread.cgroups: all the cgroups the thread belongs to, aggregated into a single string.
  • thread.cgroup: the cgroup the thread belongs to, for a specific subsystem. E.g. thread.cgroup.cpuacct.
  • thread.vtid: the id of the thread generating the event as seen from its current PID namespace.
  • proc.vpid: the id of the process generating the event as seen from its current PID namespace.
  • container.id: the container id.
  • container.name: the container name.
  • container.image: the container image.

New and updated events

  • clone, execve, fork, vfork: add cgroups, vtid and vpid to the events to correctly report control group and PID namespaces information.

A blog post with an in-depth look at this new functionality will be published very soon. Stay tuned!

Downloads

Resources

Release details

Update instructions

Installation instructions

Source code

Support

Community support is available on the sysdig mailing list.

Bugs and issues can be submitted through GitHub.



