Sysdig is an open-source, cross-platform, powerful and flexible system monitoring and troubleshooting tool for Linux; it also works on Windows and Mac OSX, but with limited functionality. It can be used for system analysis, inspection and debugging.
Normally, you would employ a mix of various Linux performance monitoring and troubleshooting tools including these ones listed below to perform the Linux monitoring and debugging tasks:
- strace – discover system calls and signals to a process.
- tcpdump – raw network traffic monitoring.
- netstat – network connections monitoring.
- htop – real time process monitoring.
- iftop – real time network bandwidth monitoring.
- lsof – view which files are opened by which process.
However, sysdig integrates what all of the above tools, and many more, offer into a single, simple program, and adds excellent container support. It lets you capture, save, filter and examine the real behavior (the stream of system events) of Linux systems as well as containers.
It comes with a command-line interface and a powerful interactive UI (csysdig) which let you watch system activity in real time, or perform a trace dump and save it for later analysis.
Sysdig Features:
- It is fast, stable, easy to use and comprehensively documented.
- Comes with native support for container technologies, including Docker and LXC.
- It is scriptable in Lua and offers chisels (lightweight Lua scripts) for processing captured system events.
- Supports useful filtering of output.
- Supports system and application tracing.
- It can be integrated with Ansible, Puppet and Logstash.
- Enables advanced log analysis.
- It also offers Linux server attack (forensics) analysis features for ethical hackers, and more.
Analyzing container system calls: Sysdig
Install and use the tool directly on whichever machine is showing the problem:
rpm --import https://s3.amazonaws.com/download.draios.com/DRAIOS-GPG-KEY.public
curl -s -o /etc/yum.repos.d/draios.repo https://s3.amazonaws.com/download.draios.com/stable/rpm/draios.repo
yum install epel-release -y
yum install sysdig -y
/usr/bin/sysdig-probe-loader # load the sysdig kernel module (driver)
[root@master ~]# lsmod | grep ip_vs
ip_vs_sh 12688 0
ip_vs_wrr 12697 0
ip_vs_rr 12600 37
ip_vs 145458 43 ip_vs_rr,ip_vs_sh,ip_vs_wrr
nf_conntrack 139264 10 ip_vs,xt_CT,nf_nat,nf_nat_ipv4,nf_nat_ipv6,xt_conntrack,nf_nat_masquerade_ipv4,nf_conntrack_netlink,nf_conntrack_ipv4,nf_conntrack_ipv6
libcrc32c 12644 3 ip_vs,nf_nat,nf_conntrack
[root@master ~]# lsmod | grep netfilter
br_netfilter 22256 0
bridge 151336 1 br_netfilter
[root@master ~]# lsmod | grep sysdig
sysdig_probe 639433 0
[root@master ~]# sysdig -p "user:%user.name time:%evt.time proc_name:%proc.name" -M 3 -w xxx
[root@master ~]# sysdig -r xxx
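The capture above runs for 3 seconds (-M 3), writes the raw events to the file xxx (-w), and sysdig -r xxx replays them; with the -p format string each event is printed as one line of the form `user:<name> time:<HH:MM:SS.ns> proc_name:<comm>`. A quick way to triage such a capture from a container is to compare the process names seen against the short list of processes the container is supposed to run. The following is an added example, not code from the original article or from the sysdig project: it parses lines in exactly that -p format and reports every (user, process) pair outside an allow-list. The sample capture lines and the allow-list are constructed for the example.

```python
#!/usr/bin/env python3
"""Post-process sysdig output written with the format string

    sysdig -r xxx -p "user:%user.name time:%evt.time proc_name:%proc.name"

Added example (not part of the original article or of sysdig itself).
The SAMPLE_CAPTURE lines below are constructed, not a real capture.
"""
import re
from collections import Counter

# One event per line, exactly as the -p format string above prints it.
# None of the three fields contains spaces (proc.name is the kernel's
# 16-byte comm and user.name is "<NA>" when the uid cannot be resolved),
# so an anchored regex is enough.
_EVENT_RE = re.compile(
    r"^user:(?P<user>\S+) time:(?P<time>\S+) proc_name:(?P<proc>\S+)$"
)


def parse_event(line):
    """Return {'user', 'time', 'proc'} for one formatted line, or None
    when the line is not an event (e.g. a stray warning or blank line)."""
    m = _EVENT_RE.match(line.strip())
    return m.groupdict() if m else None


def unexpected_processes(lines, allowed):
    """Count events per (user, proc) for processes not in `allowed`.

    `allowed` is the set of process names the container is expected to
    run (its entrypoint and helpers). Anything else, such as an
    interactive shell or a download tool, is worth a closer look.
    """
    counts = Counter()
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue                      # skip non-event lines
        if ev["proc"] not in allowed:
            counts[(ev["user"], ev["proc"])] += 1
    return counts


# Constructed sample: an nginx container in which someone opened a shell.
SAMPLE_CAPTURE = """\
user:root time:10:21:03.118231542 proc_name:nginx
user:nginx time:10:21:03.118404201 proc_name:nginx
user:root time:10:21:07.554003110 proc_name:sh
user:root time:10:21:07.554390865 proc_name:sh
user:root time:10:21:09.001748329 proc_name:curl
user:nginx time:10:21:09.002001000 proc_name:nginx
this line is not an event and is ignored
"""

# Hypothetical allow-list for the sample container.
ALLOWED = {"nginx"}

if __name__ == "__main__":
    report = unexpected_processes(SAMPLE_CAPTURE.splitlines(), ALLOWED)
    for (user, proc), n in sorted(report.items()):
        print(f"{n:5d} events  user={user:<8} proc={proc}")
```

In practice you would pipe the real replay into the script (`sysdig -r xxx -p "..." | python3 triage.py`) or, better, narrow the capture itself with a sysdig filter expression such as `proc.name!=nginx` so that the file only contains the events you care about.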
sysdig filtering: