Recommended
More Related Content
What's hot
What's hot (20)
Similar to Sysdig SRECon 16 Europe
Similar to Sysdig SRECon 16 Europe (20)
More from Alejandro E Brito Monedero
More from Alejandro E Brito Monedero (14)
Recently uploaded
Recently uploaded (20)
Sysdig SRECon 16 Europe
- 1. Alejandro E. Brito Monedero @ae_bm http://us.cdn1.123rf.com/168nwm/chagall/chagall0903/chagall090300002/4464959-a-pot-of-gold.jpg
- 5. strace It cannot trace all processes UX …. Context switches everywhere multiprocess ….
- 6. Wireshark Only network High traffic networks How to relate a network capture with a process that is not currently running?
- 8. eBPF http://cdn.static-economist.com/sites/default/files/images/print-edition/20130406_LDP001_0.jpg
- 10. Sysdig strace & wireshark had a child containers containers containers save captures chisels (lua scripts) syscall level only Needs to compile a kernel module
- 12. Containers docker run -i -t --name sysdig --privileged -v /var/run/docker.sock:/host/var/run/docker.sock -v /dev:/host/dev -v /proc:/host/proc:ro -v /boot:/host/boot:ro -v /lib/modules:/host/lib/modules:ro -v /usr:/host/usr:ro sysdig/sysdig http://www.sysdig.org/install/
- 13. Examples Store all the open syscalls in the system sysdig -w capture.scap evt.type=open Top 10 slowest syscalls sysdig -c bottlenecks "evt.latency > 0"
- 14. Examples What does cron writes or read from its FDs sysdig -c echo_fds disable_color proc.name=cron What files where opened in the system sysdig -r capture.scap -p "%proc.name" | sort | uniq
- 15. Examples Create a more filtered captured file sysdig -r capture.scap -w comm_capt.scap “proc.name = command” P0rn sysdig -c spectrogram sysdig -c subsecoffset csysdig
- 16. More info about sysdig Internet http://www.sysdig.org/wiki/ https://sysdig.com/blog/linux- troubleshooting-cheatsheet/ View all filters available sysdig -l
- 17. More info about sysdig List chisels sysdig -cl View supported events sysdig -L Chisel info sysdig -i <chisel>