Sysdig is an open source Linux system troubleshooting tool: it captures system state and activity from a running Linux instance, then lets you save, filter and analyze it. Think of it as strace + tcpdump + lsof + awesome sauce, with a little Lua cherry on top.
Sysdig was born from a team's constant frustration: system-level troubleshooting is far more painful than it should be, especially in distributed, virtualized and cloud-based environments. So they took the lessons learned while building network monitoring tools like WinPcap and Wireshark and created a new kind of system troubleshooting tool for Linux.
Sysdig captures system calls and other system-level events through a small kernel module that hooks Linux tracepoints, rather than attaching to each process with ptrace the way strace does, so the overhead is much lower.
It then "packetizes" this information, so you can save it to trace files and filter it much as you would with tcpdump; the same filter syntax works against a live system or a saved capture. This makes it very flexible for exploring what processes are doing.
Sysdig also ships with a set of Lua scripts, called chisels, that make it easier to extract useful information and troubleshoot; sysdig -cl lists the ones installed.
To install Sysdig, the project offers a one-line installer; run it with sudo or as root:
curl -s https://s3.amazonaws.com/download.draios.com/stable/install-sysdig | sudo bash
Note that this pipes a script fetched over the network straight into a root shell. A more cautious approach is to download the script first (curl -o), read it, and only then run it, or to install sysdig from your distribution's package repository where one is available.
Or read more here.
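The following chisel is an added example written for this page; it is not part of the sysdig distribution and not code from the original post. It shows how a chisel combines a sysdig filter with a little Lua to answer a security question the built-in tools don't ask directly: which processes wrote to files under /etc/, and how much. The chisel name (etc_writers), the watched directory, and the output format are assumptions chosen for this example; the chisel callbacks (on_init, on_event, on_capture_end), chisel.request_field, chisel.set_filter, sysdig.get_filter and evt.field are sysdig's real chisel API.

```lua
-- etc_writers.lua: report which processes wrote to files under /etc/.
-- Added illustrative chisel, not part of the sysdig distribution.
-- The chisel name, the watched directory and the output format are
-- assumptions chosen for this example.

description = "Lists processes that wrote to files under /etc/, with bytes written"
short_description = "Who is writing to /etc"
category = "Security"

-- This chisel takes no command-line arguments.
args = {}

-- Per-process byte counters, keyed by "procname(pid) path".
local totals = {}

function on_init()
	-- Request handles for the fields read on every matching event.
	fname = chisel.request_field("fd.name")
	fpname = chisel.request_field("proc.name")
	fpid = chisel.request_field("proc.pid")
	fres = chisel.request_field("evt.rawarg.res")

	-- Only exit events (evt.dir=<) of write-type syscalls on regular files
	-- under /etc/. The exit event carries the return value: bytes written,
	-- or a negative errno on failure.
	local filter = "evt.is_io_write=true and evt.dir=< and fd.type=file and fd.name contains /etc/"

	-- Honour any filter the user gave on the sysdig command line by ANDing it in,
	-- so "sysdig -c etc_writers proc.name!=apt" works as expected.
	local userfilter = sysdig.get_filter()
	if userfilter ~= nil and userfilter ~= "" then
		filter = "(" .. userfilter .. ") and " .. filter
	end
	chisel.set_filter(filter)
	return true
end

function on_event()
	local name = evt.field(fname)
	local pname = evt.field(fpname)
	local pid = evt.field(fpid)
	local res = evt.field(fres)

	-- res <= 0 means the write failed or wrote nothing; skip those and
	-- any event where a field could not be resolved.
	if name == nil or pname == nil or pid == nil or res == nil or res <= 0 then
		return true
	end

	local key = string.format("%s(%d) %s", pname, pid, name)
	totals[key] = (totals[key] or 0) + res
	return true
end

function on_capture_end()
	-- Called when a trace file is exhausted or a live capture is interrupted.
	-- Print the summary sorted by bytes written, largest first.
	local rows = {}
	for key, bytes in pairs(totals) do
		rows[#rows + 1] = { key = key, bytes = bytes }
	end
	table.sort(rows, function(a, b) return a.bytes > b.bytes end)

	for _, row in ipairs(rows) do
		print(string.format("%10d  %s", row.bytes, row.key))
	end
end
```

Save it as etc_writers.lua in ~/.chisels (one of the directories sysdig searches for chisels) and run it live with sysdig -c etc_writers, or record first with sysdig -w trace.scap and replay with sysdig -r trace.scap -c etc_writers. Because the chisel ANDs in whatever filter you pass on the command line, the same script can be narrowed to a single container, user or process without editing it.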