Wednesday, 8 March 2017


To see system calls.

Primary resource for sysdig examples:

Get 5 seconds of system calls:
  • sudo timeout 5s sysdig -w hi.cap

Analise the file [use tab completion there are loads of functions]:
  •  IO reads & No. reads that failed: 
    • sysdig -r hi.cap evt.type=read
    • sysdig -r hi.cap evt.type=read and evt.failed = true | wc -l                    
  • Calls to IP:
    • sysdig -r hi.cap fd.ip=IP
  •  Top sys calls:
    • sysdig -r hi.cap -c topscalls
  • Speed of sys calls:
    • sysdig  -c spectrogram
 Or call sysdig directly without the snapshot file:
  • See http calls:
    • sudo sysdig -c httplog        
  • See busy containers
    •  sudo sysdig -c topcontainers_cpu    
  • See the top processes in terms of network bandwidth usage 
    • sysdig -c topprocs_net
  • View the list of containers running on the machine and their resource usage
    • sudo csysdig -vcontainers


* sudo strace
eg: to see calls made by a command:
*  sudo strace touch foo 

No comments:

Post a Comment