Sysdig – Linux System Troubleshooting Tool

Outsmart Malicious Hackers

Sysdig is open source, Linux System Troubleshooting Tool: capture system state and activity from a running Linux instance, then save, filter and analyze. Think of it as strace + tcpdump + lsof + awesome sauce. With a little Lua cherry on top.


Sysdig was born from a team’s constant frustration. System level troubleshooting is just way more of a pain than it should be — especially in distributed, virtualized, and cloud-based environments. So they took the lessons they learned while building network monitoring tools like WinPCap and Wireshark and created a new kind of system troubleshooting tool for Linux.

Sysdig captures system calls and other system level events using a linux kernel facility called tracepoints, which means much less overhead than strace.

It then “packetizes” this information, so that you can save it into trace files and filter it, a bit like you would do with tcpdump. This makes it very flexible to explore what processes are doing.

Sysdig is also packed with a set of scripts that make it easier to extract useful information and do troubleshooting.

To install Sysdig, just run this with sudo or as root:

Or read more here.

Posted in: Forensics, Linux Hacking

, , , , , , ,

Recent in Forensics:
- Androguard – Reverse Engineering & Malware Analysis For Android
- Volatility Framework – Advanced Memory Forensics Framework
- CuckooDroid – Automated Android Malware Analysis

Related Posts:

Most Read in Forensics:
- NetworkMiner – Passive Sniffer & Packet Analysis Tool for Windows - 66,717 views
- raw2vmdk – Mount Raw Hard Disk (dd) Images As VMDK Virtual Disks - 35,163 views
- OpenDLP – Free & Open-Source Data Loss Prevention (DLP) Tool - 32,855 views

One Response to Sysdig – Linux System Troubleshooting Tool

  1. Etescartz April 8, 2014 at 2:29 pm #

    Thanks for the tip. This seems like a great tool. I’m going to give it test drive to get an idea of how it could benefit me.