How to Install Sysdig on Debian 12, 11 or 10

Originally posted on Friday, October 27, 2023 by Joshua James
Last Updated on Friday, October 27, 2023
Estimated reading time: 10 minutes
Easy-to-follow feature image guide on installing Sysdig on Debian 12, 11, or 10 Linux.

Sysdig is a comprehensive monitoring and troubleshooting tool for modern, containerized environments. It offers unparalleled visibility and in-depth insights into infrastructure, applications, and services, ensuring optimal performance, security, and compliance. For those operating on Debian systems, including Debian 12 Bookworm, Debian 11 Bullseye, or Debian 10 Buster, integrating Sysdig can significantly enhance system management capabilities.

Key Features and Advantages of Sysdig:

  • Container-Native Support: Sysdig is meticulously crafted to seamlessly integrate with containerized environments, including Kubernetes and Docker, providing effortless monitoring and troubleshooting for container-based applications and services.
  • In-Depth System Visibility: With Sysdig, users gain access to a comprehensive array of metrics, logs, events, and network data, ensuring quick identification and resolution of performance bottlenecks, security threats, and other potential issues.
  • Versatile Deployment Options: Whether on-premises or in the cloud, Sysdig’s flexible deployment accommodates various organizational needs, ensuring compatibility with major cloud platforms such as AWS, GCP, and Azure.
  • Advanced Analytics and Alerting: The platform’s sophisticated analytics engine enables the creation of custom dashboards, visualizations, and alerts, facilitating real-time tracking and analysis of infrastructure, applications, and services.
  • Robust Security and Compliance: Sysdig ensures a secure environment, integrating threat detection, runtime security, and compliance monitoring to safeguard against threats and uphold industry standards.

Sysdig proves indispensable for DevOps and IT professionals aiming for seamless system operation. As we proceed, this guide will provide detailed instructions on how to install Sysdig on Debian 12 Bookworm, Debian 11 Bullseye, or Debian 10 Buster, ensuring you are well-equipped to manage and optimize your systems.

Install Sysdig on Debian 12, 11 or 10

Step 1: Update the Debian System Before Sysdig Installation

Before installing Sysdig, ensuring that your Debian system is current is essential. This ensures that all existing packages are updated to their latest versions, improving your system’s stability and security.

To update your system, execute the following command in your terminal:

sudo apt update && sudo apt upgrade

Step 2: Install Required Packages on Debian

To successfully install Sysdig on your Debian system, you must install some prerequisite software packages. These packages enable proper functionality and integration of Sysdig with your system. Run the following command in your terminal to install the required packages:

sudo apt install software-properties-common apt-transport-https ca-certificates ncurses-term dkms -y

Step 3: Import Sysdig APT Repository on Debian

By default, Sysdig is not available in Debian’s official repository. However, a dedicated repository exists, maintained by the developers of Sysdig.

To add this repository to your system, follow these steps:

Import the Sysdig GPG key

The GPG key ensures the authenticity and integrity of the packages downloaded from the Sysdig repository. Run the following command to import the GPG key:

curl -s https://s3.amazonaws.com/download.draios.com/DRAIOS-GPG-KEY.public | gpg --dearmor | sudo tee /usr/share/keyrings/sysdig.gpg

Add the Sysdig APT repository

After importing the GPG key, you can add the Sysdig repository to your system’s sources list by running the following command:

echo 'deb [signed-by=/usr/share/keyrings/sysdig.gpg] https://download.sysdig.com/stable/deb stable-$(ARCH)/' | sudo tee /etc/apt/sources.list.d/sysdig.list

Note that the $(ARCH) variable will be automatically replaced with the appropriate architecture that Sysdig currently supports.

Step 4: Refresh APT Cache Index

After adding the Sysdig repository to your system, update your package list to include the newly added repository. This ensures that the Sysdig package will be available for installation. To update the package list, run the following command:

sudo apt update

Step 5: Install Sysdig via APT Command on Debian

Now that you have added the Sysdig repository to your system and updated the package list, you can proceed with the installation of Sysdig. To do so, run the following command in your terminal:

sudo apt install linux-headers-$(uname -r) sysdig -y

This command installs the appropriate Linux headers for your kernel version and the Sysdig package itself. The installation process should be relatively quick and should not take longer than a few minutes at most.

Step 6: Verify Sysdig Installation

After completing the installation, verifying that Sysdig has been installed correctly on your Debian system is essential. To check the version and build of Sysdig, run the following command in your terminal:

sysdig --version

Getting Started with Sysdig Commands on Debian 12, 11 or 10

Sysdig offers a wide range of commands that allow you to monitor and troubleshoot your containerized environments effectively. This section will explore some of the most useful Sysdig commands, divided into several categories for easy understanding. The examples provided will help you start using Sysdig commands for various purposes.

Basic Sysdig Commands

Before diving into more advanced features, let’s start with some basic Sysdig commands that help you understand your system’s overall status.

List Running Processes

To display a list of currently running processes on your system, use the following command:

sysdig -l

This command will output a list of running processes, providing you with an overview of the current state of your system.

Monitor System Activity

If you want to monitor your system’s real-time activity, you can use the following command:

sysdig -c topprocs_cpu

This command will display the top processes consuming the most CPU resources, helping you quickly identify resource-intensive applications and potential performance bottlenecks.

Filtering Sysdig Output

Sysdig allows you to apply filters to the output, enabling you to focus on specific processes, containers, or events of interest. Here are some examples of using filters with Sysdig commands:

sysdig proc.name=nginx

Filter by Container Name

Similarly, you can filter the output to display events related to a specific container. To do so, use the container.name filter as shown in the following example:

sysdig container.name=my_container

Replace my_container with the actual name of the container you want to monitor.

Advanced Sysdig Commands

Sysdig also offers advanced commands that provide deeper insights into your containerized environments. Let’s explore some of these commands.

Monitor File I/O Activity

To monitor file I/O activity on your system, you can use the spy_file Sysdig command. This command will display information about files being accessed, the processes accessing them, and the I/O operations performed. To use this command, run:

sysdig -c spy_file

Analyze Network Connections

Sysdig can help you analyze your system’s network connections and detect potential issues or security threats. To display information about network connections, use the netstat command as follows:

sysdig -c netstat

This command will output a list of active network connections, including the source and destination IP addresses, ports, and connection state.

Creating Custom Sysdig Views

Sysdig allows you to create custom views, focusing on specific metrics and data points relevant to your needs. Here’s an example of creating a custom Sysdig view:

Custom View for CPU Usage

To create a custom view that displays the CPU usage of processes, use the following command:

sysdig -c topprocs_cpu "evt.type=execve and proc.name=my_process"

Replace my_process with the actual name of the process you want to monitor.

This custom view will display the top processes consuming the most CPU resources, filtered by the specified process name. You can customize this view by modifying the filter or adding additional metrics.

Getting Started with cSysdig Commands on Debian 12, 11 or 10

cSysdig is an interactive, terminal-based user interface for Sysdig that provides a more user-friendly way to navigate system metrics and events. cSysdig commands are similar to Sysdig commands but are executed within the cSysdig interface rather than the terminal directly. This section will introduce you to cSysdig and some essential commands and features you can use within the interface.

Step 1: Launching cSysdig

To launch cSysdig, run the following command in your terminal:

csysdig

Depending on your user privileges, you may need to add sudo before the command to launch cSysdig with administrative permissions.

This will open the cSysdig interface, where you can explore various views and execute cSysdig commands.

Step 2: Navigating the cSysdig Interface

cSysdig organizes information into several built-in views, each focusing on a specific aspect of your system. You can switch between these views using the F2 key or by typing : followed by the view name.

Here are some essential cSysdig views:

  • Processes: Displays a list of running processes and their resource usage. (Shortcut: :processes)
  • Connections: Shows active network connections, including source and destination IP addresses, ports, and connection state. (Shortcut: :connections)
  • Errors: Highlights system errors and exceptions. (Shortcut: :errors)
  • Containers: Lists running containers and their resource usage. (Shortcut: :containers)

Step 3: cSysdig Commands and Shortcuts

cSysdig provides several commands and shortcuts that help you navigate the interface and interact with the displayed data. Here are some useful cSysdig commands and shortcuts:

  • F1 or h: Display the help menu, providing an overview of available commands and shortcuts.
  • F2 or v: Switch between available views.
  • F4 or l: Apply a filter to the current view. For example, you can filter processes by their name or containers by their ID.
  • F5 or s: Sort the current view by a specific column.
  • F6 or a: Add or remove columns from the current view.
  • Esc or q: Quit cSysdig or close the current menu.

Step 4: Creating Custom Views in cSysdig

Like with Sysdig, you can create custom views in cSysdig to focus on specific metrics and data points relevant to your needs. To create a custom view, follow these steps:

  1. Press F2 or type :addview to open the “Add View” menu.
  2. Enter a name for your custom view.
  3. Define the columns you want to include in your view by typing the respective column names.
  4. Add a filter to your custom view by pressing F4 and entering the filter criteria.
  5. Save your custom view by pressing Enter.

You can now switch to your custom view using the F2 key or by typing :your_view_name.

Screengrab showcasing the cysdig terminal settings menu on a Debian Linux system.
A closer look at the cysdig terminal settings menu captured on a Debian Linux environment.

Additional Commands for Sysdig on Debian 12, 11 or 10

This section will cover additional commands you may find helpful when working with Sysdig on Debian. These commands include updating, removing, and managing Sysdig’s installation on your system.

Update Sysdig on Debian

Since you have imported the official APT repository for Sysdig, updating the software is quick and straightforward. To update Sysdig, run the following standard APT commands as you would when updating any other system package:

sudo apt update && sudo apt upgrade

This command will ensure that Sysdig and all other installed packages on your system are up to date.

Remove Sysdig From Debian

If you no longer require Sysdig on your system, follow these steps to remove it:

Uninstall Sysdig

Use the following command to remove the Sysdig package from your system:

sudo apt remove sysdig

Remove the Sysdig GPG key

To remove the GPG key used to authenticate Sysdig packages, run the following command:

sudo rm /usr/share/keyrings/sysdig.gpg

Remove the Sysdig APT Repository

Finally, remove the Sysdig repository from your system by executing the following command:

sudo rm /etc/apt/sources.list.d/sysdig.list

Conclusion: Installing Sysdig on Debian

This guide covered installing Sysdig on Debian Linux, including Debian 12 Bookworm, Debian 11 Bullseye, and Debian 10 Buster. We have demonstrated how to update your system, install required packages, import the Sysdig repository, and install Sysdig using the APT repository for the latest version and future updates. We have also discussed various Sysdig commands, explored the interactive terminal-based interface of cSysdig, and provided instructions for updating and removing Sysdig from your system.

You may also like:

  1. How to Install ModSecurity 3, OWASP CRS with Nginx on Debian 12, 11, or 10
  2. How to Install Jellyfin Media Server on Debian 12, 11 or 10
  3. How to Install Steam on Debian 12, 11 or 10
  4. How to Install Docker CE on Debian 12, 11, or 10
  5. How to Install Kodi on Debian 12, 11 or 10
  6. How to Install VirtualBox 7.0 on Debian 12, 11 or 10
  7. How to Install Redis on Debian 12, 11 or 10
  8. How to Install Tripwire IDS on Debian 12, 11 or 10
  9. How to Install Nvidia Drivers on Debian 12, 11 or 10
  10. How to Install Shotcut on Debian Linux 12, 11 or 10

How to Install LAMP on Debian 12, 11 or 10

How to Install WoeUSB on Fedora 39, 38 Linux

Leave a Comment


If you have any legitimate inquiries, such as article suggestions, don't hesitate to contact LinuxCapable. Kindly ensure that your message is written in the English language.

Contact Us
About Us Copyright Policy Disclaimer Privacy Policy Terms & Conditions Contact Us