Sysdig is an open source, system-level exploration tool: it captures system state and activity from a running Linux system such as Debian 11 and lets you save, filter, and analyze that data, which is particularly useful for system analysis, inspection, and debugging, among other uses. Sysdig is scriptable in Lua and includes a command-line interface as well as a powerful interactive terminal UI, started with the csysdig command.
The following tutorial will teach you how to install Sysdig on Debian 11 Bullseye using the command-line terminal, along with basic commands for using Sysdig.
First, before anything, update your system to ensure all existing packages are up to date.
sudo apt update && sudo apt upgrade -y
Install Required Packages
To complete the installation, you will need the following software packages; install them with the following command in your terminal.
sudo apt install software-properties-common apt-transport-https wget ca-certificates gnupg2 ncurses-term dkms -y
Import Sysdig Repository
By default, Sysdig is not available in Debian 11’s repositories; luckily, the developer provides a repository of their own.
First, import the GPG key using the following command.
sudo wget -O- https://s3.amazonaws.com/download.draios.com/DRAIOS-GPG-KEY.public | gpg --dearmor | sudo tee /usr/share/keyrings/sysdig.gpg
Next, import the repository.
echo 'deb [signed-by=/usr/share/keyrings/sysdig.gpg] https://download.sysdig.com/stable/deb stable-$(ARCH)/' | sudo tee /etc/apt/sources.list.d/sysdig.list
Note that $(ARCH) is deliberately left unexpanded by the single quotes: APT substitutes your system’s architecture when it reads the entry, so the same line works on any architecture Sysdig currently supports.
Lastly, run an APT update.
sudo apt update
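As an added example that is not part of the original tutorial, the following POSIX shell script checks the repository entry and keyring created in the steps above before any package is installed from them: it confirms that the keyring named in signed-by is the binary form that gpg --dearmor produces (APT on Debian 11 expects that form there) and that the repository URL is https, so APT only accepts packages signed by that key. The paths default to the tutorial’s; the script name check_sysdig_repo.sh is an assumption.

```shell
#!/bin/sh
# Added example, not from the tutorial: sanity-check the Sysdig APT
# repository entry and its signed-by keyring before relying on them.

# Return 0 if the file is a binary (dearmored) OpenPGP keyring.
keyring_is_binary() {
    f="$1"
    [ -s "$f" ] || { echo "$f: missing or empty" >&2; return 1; }
    if head -c 14 "$f" | grep -q -- '-----BEGIN PGP'; then
        echo "$f: ASCII-armored; pipe it through gpg --dearmor" >&2
        return 1
    fi
    # A binary OpenPGP packet header always has its high bit (0x80) set.
    first=$(od -An -N1 -tu1 "$f" | tr -d ' ')
    [ -n "$first" ] && [ "$first" -ge 128 ]
}

# Check one "deb ..." line in the format the tutorial writes.
check_sources_entry() {
    line="$1"
    case "$line" in
        *signed-by=*) ;;
        *) echo "entry lacks signed-by: $line" >&2; return 1 ;;
    esac
    keyring=${line#*signed-by=}
    keyring=${keyring%%[] ]*}        # value ends at ']' or a space
    keyring_is_binary "$keyring" || return 1
    rest=${line#*] }                 # text after the [...] options
    case "$rest" in
        https://*) return 0 ;;
        *) echo "repository URL is not https: $rest" >&2; return 1 ;;
    esac
}

# Check every non-comment, non-empty line of a sources file.
check_sources_file() {
    grep -v '^[[:space:]]*#' "$1" | grep -v '^[[:space:]]*$' \
      | while IFS= read -r l; do check_sources_entry "$l" || exit 1; done
}

# Usage: sh check_sysdig_repo.sh /etc/apt/sources.list.d/sysdig.list
if [ $# -gt 0 ]; then
    check_sources_file "$1" && echo "$1: OK"
fi
```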
With the repository now imported, run the following command to install Sysdig.
sudo apt install linux-headers-$(uname -r) sysdig -y
The overall process should not take longer than a few minutes at most.
Once installed, confirm the version and build of Sysdig by using the following.
Now that Sysdig is installed, you can use its monitoring UI through the csysdig command. Note that you must run sysdig and csysdig as root, because they require access to critical areas such as the /proc file system and the /dev/sysdig* devices, and need to auto-load the sysdig-probe kernel module.
First, bring up the display using the following command.
sudo csysdig
You will see the following screen.
If you have trouble opening Sysdig, check the troubleshooting at the bottom of the tutorial.
Next, press the F2 key to open the view menu and change the view.
In the view menu, use the arrow keys to move around and select the view you want to monitor. For example, scroll down to Processes CPU and press ENTER to display the following.
Example of Process Cpu Stats:
To return to the view menu, press F2 again. From here, you can choose from quite an extensive list of views. Alternatively, you can use sysdig’s command-line chisels (selected with -c). Some examples of these commands are shown below.
Run the following command to see the top processes ranked by CPU utilization percentage.
sudo sysdig -c topprocs_cpu
Run the following command to see the system’s network connections.
sudo sysdig -c netstat
Run the following command to list the system’s processes.
sudo sysdig -c ps
If you see the error "Error opening terminal: xterm-256color" when running csysdig for the first time, installing the following package usually solves it.
sudo apt install ncurses-term
How to Update/Upgrade Sysdig
Since you imported the official APT repository, updating Sysdig is quick and straightforward: run the standard APT commands below, as you would when updating any other system package.
sudo apt update && sudo apt upgrade
How to Remove (Uninstall) Sysdig
When you no longer require Sysdig installed on your system, use the following command to remove it.
sudo apt autoremove sysdig --purge -y
Next, remove the GPG key.
sudo rm /usr/share/keyrings/sysdig.gpg
Lastly, remove the repository.
sudo rm /etc/apt/sources.list.d/sysdig.list
Comments and Conclusion
Overall, Sysdig combines the functionality of several existing command-line tools into one application, with an excellent interactive terminal UI (csysdig) as well as traditional terminal commands for monitoring nearly any part of your Linux system.