Bug Fixes
- Many minor bugfixes
New and updated features
- Container support: sysdig now supports Docker, LXC and libvirt-lxc containers, with several sub-features described below and in the documentation
- supports to an alternate
/procfile system tree (useful in containers) by setting the environment variableSYSDIG_HOST_ROOT - supports parsing network connections from
/procfrom a network namespace different than the global one - container information is available in the chisel API (thread table)
-pcand-pcontainerwill use a container-friendly output format for events- Automated Docker builds for running sysdig:https://registry.hub.docker.com/u/sysdig/sysdig/
sysdig-probe-loader: new script included with sysdig to facilitate loading thesysdig-probemodule in atypic environments such as containersbuild-sysdig-probe-binaries: new script to prebuildsysdig-probebinaries for a specific set of kernel configurations (currently CoreOS) and upload them to S3 so that they can be downloaded at runtime on environments that don’t ship kernel headers
New and updated chisels
lscontainers: List the running containers.topcontainers_cpu: Top containers by CPU usage.topcontainers_error: Top containers by number of errors.topcontainers_file: Top containers by R+W disk bytes.topcontainers_net: Top containers by network I/O.echo_fds: container-aware (with-pc).fileslower: container-aware (with-pc).list_login_shells: container-aware (with-pc).netlower: container-aware (with-pc).proc_exec_time: container-aware (with-pc).scallslower: container-aware (with-pc).spy_logs: container-aware (with-pc).spy_syslog: container-aware (with-pc).spy_users: container-aware (with-pc).stderr: container-aware (with-pc).topconns: container-aware (with-pc).topfiles_bytes: container-aware (with-pc).topfiles_errors: container-aware (with-pc).topfiles_time: container-aware (with-pc).topports_server: container-aware (with-pc).topprocs_cpu: container-aware (with-pc).topprocs_errors: container-aware (with-pc).topprocs_file: container-aware (with-pc).topprocs_net: container-aware (with-pc).topscalls: container-aware (with-pc).topscalls_time: container-aware (with-pc).
New and updated filter fields
thread.cgroups: all the cgroups the thread belongs to, aggregated into a single string.thread.cgroup: the cgroup the thread belongs to, for a specific subsystem. E.g.thread.cgroup.cpuacct.thread.vtid: the id of the thread generating the event as seen from its current PID namespace.proc.vpid: the id of the process generating the event as seen from its current PID namespace.container.id: the container id.container.name: the container name.container.image: the container image.
New and Updated events
clone,execve,fork,vfork: addcgroups,vtidandvpidto the events to correctly report control group and PID namespaces information.
A blog post with an in-depth look at this new functionality will be published very soon. Stay tuned!
Downloads
Resources
Support
Community support is available on the sysdig mailing list.
Bugs and issues can be submitted through github.
Gartner Report! Reimagining Security for a Cloud Native DevSecOps World
Read the Report for Gartner's Recommendations on rethinking:
- How services can be securely deployed and maintained
- How service access can be protected from attacks
- How sensitive information can be protected
- How service delivery incidents - including security - can be handled
Download the Gartner Report now http://bit.ly/2OBE6Es
