Sysdig is a powerful open-source system analysis tool that can capture and inspect system state and activity on a running Linux-based system. Sysdig is scriptable in Lua and includes a command-line interface and a powerful interactive UI. The Sysdig UI can filter and analyze captured data, making it particularly useful for system debugging and inspection. Sysdig is also extensible, allowing users to create custom scripts and plugins to extend its functionality. Overall, Sysdig is an extremely powerful and versatile tool that can be used for various system administration and analysis tasks.
The following tutorial shows how to install Sysdig on Arch Linux from the command-line terminal and covers the basic commands for using it.
Update Arch Linux
Before you proceed, run a quick update to ensure all packages are up-to-date to avoid conflicts.
sudo pacman -Syu
Sometimes, you may need a complete database download if you have not upgraded your Arch Linux system for a while; use the following command if the above update command does not work.
sudo pacman -Syyu
Lastly, because Arch Linux is a rolling release, the Pacman GPG keys can occasionally become invalid or corrupt when updating packages. If neither of the commands above works, refresh the keyring with the following command.
sudo pacman -S archlinux-keyring
Once done, rerun one of the two update commands above to check for and apply the upgrades to your Arch Linux system.
Sysdig is available in the official Arch Linux repositories, so the installation is straightforward and does not require any packages from the AUR.
sudo pacman -S linux-headers sysdig sysdig-dkms ncurses
The overall process should not take longer than a few minutes at most.
If the Linux headers were installed as part of this step, you must reboot your system before continuing: the sysdig-dkms kernel module is built against the running kernel, and Sysdig will not execute properly until that module is loaded.
Once installed, confirm the version and build of Sysdig by running sysdig with the --version flag. The output should look similar to the following.
sysdig version 0.29.3
Now that you have installed Sysdig, you can use the interactive monitor, which is started with the csysdig command. A word of note: both sysdig and csysdig must be run as root (or via sudo), because they load the Sysdig kernel module and read system-wide events from it.
First, display the built-in help for sysdig and csysdig to see the available options and additional commands.
Now, bring up the monitor with the csysdig command.
Next, besides using the csysdig interface in your terminal, you can run the sysdig command with a chisel (the -c option) to print statistics directly.
In the first example, run the following command to see the top processes ranked by CPU utilization percentage.
sysdig -c topprocs_cpu
Run the following command to see the system’s network connections.
sysdig -c netstat
In the last example, see a list of system processes.
sysdig -c ps
The above command examples are just a fraction of what you can achieve with Sysdig.
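Chisels are Lua scripts, and you can write your own. The following is an added example, not part of this tutorial or of the Sysdig project: a chisel that counts successful execve calls per user and parent process and prints a ranked summary when the capture ends, which gives a quick view of which processes on a host are spawning other programs. The chisel API calls used (chisel.request_field, chisel.set_filter, evt.field and the on_init/on_event/on_capture_end hooks) and the field names are Sysdig's own; the file name spawn_summary.lua and the output layout are this example's choices.

```lua
-- spawn_summary.lua: an added example chisel, not part of Sysdig or of this tutorial.
-- Counts successful execve calls per (user, parent process) and prints a
-- ranked table when the capture ends or sysdig is interrupted with Ctrl-C.

description = "Summarise which users and parent processes spawn new programs"
short_description = "process spawn summary"
category = "Security"

-- This chisel takes no arguments; the table is still required by the loader.
args = {}

-- Field handles are requested once in on_init and read in on_event.
local fuser, fpname, fcmdline, frawres
local counts = {}   -- key "user|parent" -> { n = count, last = last command line }

function on_init()
    fuser    = chisel.request_field("user.name")
    fpname   = chisel.request_field("proc.pname")
    fcmdline = chisel.request_field("proc.cmdline")
    frawres  = chisel.request_field("evt.rawres")

    -- Only the exit ('<') side of execve carries the new process image;
    -- evt.rawres is negative for failed calls, which are skipped below.
    chisel.set_filter("evt.type=execve and evt.dir=<")
    return true
end

function on_event()
    local res = evt.field(frawres)
    if res == nil or res < 0 then
        return true
    end

    local key = (evt.field(fuser) or "?") .. "|" .. (evt.field(fpname) or "?")
    local entry = counts[key]
    if entry == nil then
        entry = { n = 0, last = "" }
        counts[key] = entry
    end
    entry.n = entry.n + 1
    entry.last = evt.field(fcmdline) or ""
    return true
end

function on_capture_end()
    -- Flatten the counts into rows and sort by number of spawns, descending.
    local rows = {}
    for key, entry in pairs(counts) do
        local user, parent = key:match("^(.-)|(.*)$")
        rows[#rows + 1] = { user = user, parent = parent, n = entry.n, last = entry.last }
    end
    table.sort(rows, function(a, b) return a.n > b.n end)

    print(string.format("%-12s %-20s %6s  %s", "USER", "PARENT", "SPAWNS", "LAST COMMAND"))
    for _, r in ipairs(rows) do
        print(string.format("%-12s %-20s %6d  %s", r.user, r.parent, r.n, r.last))
    end
    return true
end
```

Save the file as spawn_summary.lua in ~/.chisels (one of the directories sysdig searches for chisels) and run it live with sudo sysdig -c spawn_summary, stopping with Ctrl-C to print the table. The same chisel works against a saved capture: record one with sudo sysdig -w trace.scap and replay it with sysdig -r trace.scap -c spawn_summary, which is the usual way to keep a record of activity for later review.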
How to Update/Upgrade Sysdig
Since Sysdig comes from the official Pacman repositories, updating it is quick and straightforward: run the standard upgrade command below, as you would for any other system package.
sudo pacman -Syu
How to Remove (Uninstall) Sysdig
When you no longer require Sysdig installed on your system, use the following command to remove it.
sudo pacman -Rs sysdig sysdig-dkms
Optionally, you can also remove ncurses and the Linux headers. However, check first whether other applications depend on them. For safety, remove only the Sysdig packages with the command above.
Comments and Conclusion
Overall, Sysdig is an extremely powerful and versatile tool that can be used for various system administration and analysis tasks. Its ability to capture and inspect system state and activity on a running Linux-based system makes it particularly useful for debugging and troubleshooting. Additionally, its scriptable nature allows users to extend its functionality with custom scripts and plugins. If you are looking for a powerful open-source system analysis tool, Sysdig is worth considering.