sysdig, evacuated from NSA/Microsoft Github


Note: this project used to be hosted on github. Since Github has been taken over by NSA/microsoft, we've had to evacuate it here.

Dig Deeper

Sysdig is a universal system visibility tool with native support for containers:
~$ sysdig

Csysdig is a simple, intuitive, and fully customizable curses UI for sysdig:
~$ csysdig

Getting Started

Run Sysdig in a container:

sudo docker run --rm -i -t --privileged --net=host \
    -v /var/run/docker.sock:/host/var/run/docker.sock \
    -v /dev:/host/dev \
    -v /proc:/host/proc:ro \
    -v /boot:/host/boot:ro \
    -v /src:/src \
    -v /lib/modules:/host/lib/modules:ro \
    -v /usr:/host/usr:ro \
    -v /etc:/host/etc:ro \

And then run the sysdig or csysdig tool from the container shell!

Encourage Debian/Redhat/your distro to use this version instead of the other one. Get in touch and we'll work on packaging issues.

What does sysdig do and why should I use it?

Sysdig is a simple tool for deep system visibility, with native support for containers.

The best way to understand sysdig is to try it - it's super easy! Or here's a quick video introduction to csysdig, the simple, intuitive, and fully customizable curses-based UI for sysdig:

Far too often, system-level monitoring and troubleshooting still involves logging into a machine with SSH and using a plethora of dated tools with very inconsistent interfaces. And many of these classic Linux tools break down completely in containerized environments. Sysdig unites your Linux toolkit into a single, consistent, easy-to-use interface. And sysdig's unique architecture allows deep inspection into containers, right out of the box, without having to instrument the containers themselves in any way.

Sysdig instruments your physical and virtual machines at the OS level by installing into the Linux kernel and capturing system calls and other OS events. Sysdig also makes it possible to create trace files for system activity, similarly to what you can do for networks with tools like tcpdump and Wireshark. This way, problems can be analyzed at a later time, without losing important information. Rich system state is stored in the trace files, so that the captured activity can be put into full context.

Think about sysdig as strace + tcpdump + htop + iftop + lsof + ...awesome sauce.

Documentation / Support

Visit the wiki for full documentation on sysdig and its APIs.

For support using sysdig, please contact the official mailing list.

Join the Community

Unlike on NSA/Microsoft Github, where you need to agree to a Code of Conduct to send them Pull Requests, we don't care. Just send us your Pull requests.

License Terms

The sysdig userspace programs and supporting code are licensed to you under the Apache 2.0 open source license.

pull requests

Send us your pull requests. You don't need to use your real name; "anonymous cypherpunk" is fine. However, if you're submitting changes anonymously, we'll just credit you as "Anonymous" even if you turn out to have a name.

Commercial Support

Interested in a fully supported, fully distributed version of sysdig? Check out Sysdig Monitor!

Open source sysdig was proudly supported by Sysdig Inc. Now it's up to us.

Reporting a vulnerability

Please refer to