- Many minor bugfixes
- Container support: sysdig now supports Docker, LXC and libvirt-lxc containers, with several sub-features described below and in the documentation
- supports to an alternate
/procfile system tree (useful in containers) by setting the environment variableSYSDIG_HOST_ROOT - supports parsing network connections from
/procfrom a network namespace different than the global one - container information is available in the chisel API (thread table)
-pcand-pcontainerwill use a container-friendly output format for events- Automated Docker builds for running sysdig:https://registry.hub.docker.com/u/sysdig/sysdig/
sysdig-probe-loader: new script included with sysdig to facilitate loading thesysdig-probemodule in atypic environments such as containersbuild-sysdig-probe-binaries: new script to prebuildsysdig-probebinaries for a specific set of kernel configurations (currently CoreOS) and upload them to S3 so that they can be downloaded at runtime on environments that don’t ship kernel headers
lscontainers: List the running containers.topcontainers_cpu: Top containers by CPU usage.topcontainers_error: Top containers by number of errors.topcontainers_file: Top containers by R+W disk bytes.topcontainers_net: Top containers by network I/O.echo_fds: container-aware (with-pc).fileslower: container-aware (with-pc).list_login_shells: container-aware (with-pc).netlower: container-aware (with-pc).proc_exec_time: container-aware (with-pc).scallslower: container-aware (with-pc).spy_logs: container-aware (with-pc).spy_syslog: container-aware (with-pc).spy_users: container-aware (with-pc).stderr: container-aware (with-pc).topconns: container-aware (with-pc).topfiles_bytes: container-aware (with-pc).topfiles_errors: container-aware (with-pc).topfiles_time: container-aware (with-pc).topports_server: container-aware (with-pc).topprocs_cpu: container-aware (with-pc).topprocs_errors: container-aware (with-pc).topprocs_file: container-aware (with-pc).topprocs_net: container-aware (with-pc).topscalls: container-aware (with-pc).topscalls_time: container-aware (with-pc).
thread.cgroups: all the cgroups the thread belongs to, aggregated into a single string.thread.cgroup: the cgroup the thread belongs to, for a specific subsystem. E.g.thread.cgroup.cpuacct.thread.vtid: the id of the thread generating the event as seen from its current PID namespace.proc.vpid: the id of the process generating the event as seen from its current PID namespace.container.id: the container id.container.name: the container name.container.image: the container image.
clone,execve,fork,vfork: addcgroups,vtidandvpidto the events to correctly report control group and PID namespaces information.