Sysdig

Sysdig is a Linux system observability tool and kernel event analyzer designed for capturing and analyzing kernel-level system calls and operating system events. It functions as a system call tracer and container security monitor, providing deep visibility into the activity of machines, virtual machines, and containers.

The project specializes in non-invasive container inspection, allowing for the monitoring of container activity and resource usage without modifying the container environment or adding instrumentation. It enables the recording of detailed system traces into binary files for retrospective offline analysis and debugging.

The toolset covers broad capability areas including host environment diagnostics, Linux system troubleshooting, and interactive system state visualization via a terminal user interface. Security is managed through execution group restrictions to limit tool access to authorized privileged users.

Features

Kernel Event Tracers - Intercepts system calls and operating system events directly from the kernel for deep visibility into system activity.

Container Monitoring - Inspects the behavior and resource usage of containers through non-invasive kernel monitoring.

Container Inspection Interfaces - Analyzes container activity by monitoring host kernel interfaces without modifying the container environment.

Activity Recording - Records system calls and OS events at the kernel level for deep visibility into machines and containers.

Container Security - Monitors container activity and system state for security purposes without requiring environment instrumentation.

Container Observability Tools - Analyzes system activity within containers without requiring modification of the container environment.

System Call Tracing - Records detailed system traces and activity files for retrospective offline analysis of Linux system behavior.

Trace Recording - Provides the ability to record detailed system traces into binary files for retrospective offline analysis and debugging.

Linux Troubleshooting - Analyzes kernel-level system calls and OS events to diagnose performance issues or crashes on Linux machines.

Environment Diagnostics - Investigates interactions between the host kernel and virtualized environments to resolve system conflicts.

Execution Tracing Systems - Analyzes stored trace files of system activity to preserve rich context for retrospective debugging.

Terminal Interaction - Displays system activity and resource usage through a customizable interactive terminal user interface.

System Trace Serialization - Records detailed system state and activity into binary files for retrospective offline analysis and troubleshooting.

Terminal User Interfaces - Provides a customizable text-based user interface for real-time visualization of system resource usage and activity.

Observability and Monitoring - System exploration and troubleshooting tool for Linux.

Troubleshooting Tools - System-level capture and analysis tool for Linux.

Command Line Tools - Listed in the “Command Line Tools” section of the The Book Of Secret Knowledge awesome list.

System Dashboards - Linux system exploration and troubleshooting with container support.

Troubleshooting Tools - Captures and analyzes system state and activity.

draiossysdig

Features

Star history