Sysdig is an awesome tool that can be used for many purposes, including monitoring, logging, process debugging, network analysis, and exploring a system in depth. Plus, it includes fantastic Linux container support. It's also scriptable (its chisels are Lua scripts), and it can record system-call traces to a capture file and replay them later for offline analysis. It's a tool that everyone working with containers should at least know the basics of, and as infrastructure developers used to working with code, we know how important debugging tools are. This is no different with sysdig, and we'll now discover some of its fantastic features related to containers.
To step through this recipe, you will need:
Installing sysdig is easy on most platforms, including CoreOS (http://www.sysdig.org/install/). However, if you're in a hurry, here's a one-liner that will do the job of installing Sysdig on your Linux host. Keep in mind that it pipes a script fetched over the network straight into a root shell, so on anything but a throwaway box, download the script first and read it before running it. For a real deployment we'd choose a better way to deploy it programmatically, such as Ansible or Chef, whether as a Docker container or not:
$ curl -s https://s3.amazonaws.com/download.draios.com/stable/install-sysdig | sudo bash
Here's how to get an htop-like view of all the running containers on the system:
$ sudo csysdig --view=containers
The F2/Views menu opens many different views of what's running, from processes to syslog to open files, and even the Kubernetes, Marathon, or Mesos integrations. Want to see which container is draining all of the I/O? You're in the right place:
Here's an example of a Tomcat container with a view of all the local and remote connections, IPs, ports, protocols, bandwidth, I/O, and the corresponding commands; terribly useful for finding suspicious behavior:
Another useful tool is F5/Echo, which grabs the raw bytes read and written on the selected container's file descriptors: application traffic (in the clear, or the ciphertext for TLS sessions), log writes, command output, and more. This is also very useful for catching what is wrong with a container that is acting weird:
Another very powerful tool from sysdig is F6/Dig. This offers nothing less than a full-fledged strace for a container; imagine the debugging power it has:
The F8/Actions feature is a full Docker command integration available right from inside sysdig. Select a container and we'll be able to enter it, read its logs, see its image history, kill it, and more:
Those commands are also always available right from the main interface: want to gain a shell on the selected container? Just type b. Under the hood these actions shell out to the docker CLI with the privileges csysdig is running with (root, when started with sudo), so treat this as an administrative console rather than a read-only viewer.
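The views above are interactive, but everything they show comes from the same system-call stream, and sysdig can record that stream to a file and replay it with filters and chisels. The following script is an added example (not from the book or from the sysdig project) of the same workflow done non-interactively: record a short trace of one container, replay the one capture to get the Dig, Echo and I/O-ranking views, then reduce the container's outbound connections to a per-endpoint count so that anything outside a list of expected remote IPs stands out. It assumes sysdig is installed and that the container name, the 30-second window and the "expected" IPs are supplied on the command line; the sample lines in the comments are constructed to look like sysdig's `-p` output and are not real traffic.

```shell
#!/bin/sh
# Added example, not from the book or the sysdig project: the csysdig
# container views above, done non-interactively.  Record a syscall trace
# of one container, replay the single capture file several ways, and
# summarize who the container connected to.  Container name, capture
# window and "expected" IPs are assumptions passed on the command line.
set -eu

# Build a sysdig filter keeping only completed connect()/accept() calls
# from one container, minus remote IPs we already consider normal.
# Only documented filter fields are used: container.name, evt.type,
# evt.dir, fd.type and fd.rip.
build_conn_filter() {
    local container="$1"; shift
    local f="container.name=$container and evt.type in (connect, accept) and evt.dir=< and fd.type=ipv4"
    if [ "$#" -gt 0 ]; then
        local excl="" ip
        for ip in "$@"; do
            excl="${excl:+$excl or }fd.rip=$ip"
        done
        f="$f and not ($excl)"
    fi
    printf '%s' "$f"
}

# Record "seconds" of syscalls from the container into a compressed
# capture file.  -s 4096 keeps up to 4 KiB of every I/O buffer so the
# Echo-style replay can show payloads; -M stops after the window.
# Needs root and a working sysdig; the replay steps only need the file.
record_container() {
    local container="$1" seconds="$2" out="$3"
    command -v sysdig >/dev/null 2>&1 || { echo "sysdig is not installed" >&2; return 1; }
    sudo sysdig -w "$out" -z -s 4096 -M "$seconds" "container.name=$container"
}

# CLI equivalents of the csysdig views, all read from the same capture.
replay_views() {
    local capture="$1" container="$2"
    # Dig: strace-like event stream for the container (-pc adds container columns)
    sysdig -r "$capture" -pc "container.name=$container"
    # Echo: bytes read and written on the container's file descriptors
    sysdig -r "$capture" -pc -c echo_fds "container.name=$container"
    # The disk and network I/O rankings behind the containers view
    sysdig -r "$capture" -c topcontainers_file
    sysdig -r "$capture" -c topcontainers_net
}

# Reduce lines printed with -p "%container.name %proc.name %fd.name"
# (for a socket, fd.name looks like 172.17.0.2:46312->10.0.0.5:5432) to
# "count container process remote:port", busiest first.  Reads stdin so
# it works on live replay output and on canned lines alike, e.g. the
# constructed line "tomcat java 172.17.0.2:46312->10.0.0.5:5432".
summarize_conns() {
    awk '{ split($3, ep, "->"); n[$1 " " $2 " " ep[2]]++ }
         END { for (k in n) print n[k], k }' | sort -rn
}

case "${1:-}" in
    run)
        # usage: sh sysdig_conns.sh run <container> [expected-ip ...]
        container="${2:?container name required}"; shift 2
        capture="/tmp/$container.scap"
        record_container "$container" 30 "$capture"
        replay_views "$capture" "$container" | head -n 40
        echo "--- connections to endpoints not in the expected list ---"
        sysdig -r "$capture" -p "%container.name %proc.name %fd.name" \
            "$(build_conn_filter "$container" "$@")" | summarize_conns
        ;;
esac
```

Run it as `sh sysdig_conns.sh run tomcat 10.0.0.5` (container and expected IPs are your own values). The capture file is the interesting artifact: it can be copied off the host and replayed with any filter later, which is what makes sysdig usable for incident analysis rather than only live debugging.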
These are just a few of the many powerful things we can do with Sysdig using Docker containers.