As you may already know, Sysdig is an open-source, system-level exploration tool created by the developers of WinPCap and Wireshark. It captures system calls and tracepoints, providing real-time system information and permits the users to export the output in text files.
Basically, Sysdig has the features of strace + tcpdump + lsof.
The latest version available is Sysdig 0.1.101, which brings small fixes only:
- Disable use_json-value-nullref.patch due to FTBFS on older systems
Installation instructions:
Up to date packages are available via some third party PPA, so installing Sysdig on Ubuntu 15.04 Vivid Vervet, Ubuntu 14.10 Utopic Unicorn, Ubuntu 14.04 Trusty Tahr and derivative systems like Linux Mint 17.2 Rafaela, Linux Mint 17.1 Rebecca, Linux Mint 17 Qiana, Pinguy OS 14.04, Elementary OS 0.3 Freya, Deepin 2014, Peppermint 6, Peppermint 5, LXLE 14.04 and Linux Lite 2 systems is easy. Just add the PPA to your system, update the local repository index and install the sysdig package:
$ sudo add-apt-repository ppa:eugenesan/ppa
$ sudo apt-get update
$ sudo apt-get install sysdig
Optional, to remove sysdig, do:
$ sudo apt-get remove sysdig
Basic usage instructions:
To write the output in a textfile (in binary format), do:
$ sudo sysdig -w /path/to/file.out
Display the output in ASCII and redirect it to a file:
$ sudo sysdig -A > /path/to/file.out
To read sysdig files, do:
$ sudo sysdig -r /path/to/file.out
For more usage instructions, read this article.