
Announcing Sysdig 0.1.98

Gianluca Borello
Published: March 2, 2015

Bug Fixes

  • Many minor bugfixes

New and updated features

  • Container support: sysdig now supports Docker, LXC and libvirt-lxc containers, with several sub-features described below and in the documentation
  • support for an alternate /proc file system tree (useful in containers) by setting the environment variable SYSDIG_HOST_ROOT
  • support for parsing network connections from /proc in a network namespace other than the global one
  • container information is available in the chisel API (thread table)
  • -pc and -pcontainer will use a container-friendly output format for events
  • Automated Docker builds for running sysdig: https://registry.hub.docker.com/u/sysdig/sysdig/
  • sysdig-probe-loader: new script included with sysdig to facilitate loading the sysdig-probe module in atypical environments such as containers
  • build-sysdig-probe-binaries: new script to prebuild sysdig-probe binaries for a specific set of kernel configurations (currently CoreOS) and upload them to S3 so that they can be downloaded at runtime on environments that don't ship kernel headers

New and updated chisels

  • lscontainers: List the running containers.
  • topcontainers_cpu: Top containers by CPU usage.
  • topcontainers_error: Top containers by number of errors.
  • topcontainers_file: Top containers by R+W disk bytes.
  • topcontainers_net: Top containers by network I/O.
  • echo_fds: container-aware (with -pc).
  • fileslower: container-aware (with -pc).
  • list_login_shells: container-aware (with -pc).
  • netlower: container-aware (with -pc).
  • proc_exec_time: container-aware (with -pc).
  • scallslower: container-aware (with -pc).
  • spy_logs: container-aware (with -pc).
  • spy_syslog: container-aware (with -pc).
  • spy_users: container-aware (with -pc).
  • stderr: container-aware (with -pc).
  • topconns: container-aware (with -pc).
  • topfiles_bytes: container-aware (with -pc).
  • topfiles_errors: container-aware (with -pc).
  • topfiles_time: container-aware (with -pc).
  • topports_server: container-aware (with -pc).
  • topprocs_cpu: container-aware (with -pc).
  • topprocs_errors: container-aware (with -pc).
  • topprocs_file: container-aware (with -pc).
  • topprocs_net: container-aware (with -pc).
  • topscalls: container-aware (with -pc).
  • topscalls_time: container-aware (with -pc).

New and updated filter fields

  • thread.cgroups: all the cgroups the thread belongs to, aggregated into a single string.
  • thread.cgroup: the cgroup the thread belongs to, for a specific subsystem. E.g. thread.cgroup.cpuacct.
  • thread.vtid: the id of the thread generating the event as seen from its current PID namespace.
  • proc.vpid: the id of the process generating the event as seen from its current PID namespace.
  • container.id: the container id.
  • container.name: the container name.
  • container.image: the container image.
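
What the thread.cgroups and thread.cgroup.<subsystem> fields and the SYSDIG_HOST_ROOT setting refer to, as an added Python example that is not sysdig's own code: it parses a /proc/<pid>/cgroup file under a configurable root into a per-subsystem map and one aggregated string. The key=value aggregate format, the function names and the sample cgroup paths are assumptions constructed for illustration.

```python
import os
import tempfile

# Constructed sample of /proc/<pid>/cgroup content for a containerized process.
SAMPLE = """\
11:devices:/docker/0123abcd
4:cpu,cpuacct:/docker/0123abcd
1:name=systemd:/docker/0123abcd
0::/ignored
"""

def parse_cgroup_file(text):
    """Map each cgroup subsystem to its path (hypothetical helper)."""
    cgroups = {}
    for line in text.splitlines():
        # Line format: hierarchy-id:controller-list:path (path may contain ':').
        parts = line.strip().split(":", 2)
        if len(parts) != 3:
            continue  # blank or malformed line
        _, controllers, path = parts
        if not controllers:
            continue  # cgroup v2 unified entry names no subsystem
        for name in controllers.split(","):  # co-mounted, e.g. "cpu,cpuacct"
            cgroups[name] = path
    return cgroups

def aggregate(cgroups):
    """All cgroups in a single string (format assumed for this example)."""
    return " ".join(f"{k}={v}" for k, v in sorted(cgroups.items()))

def read_thread_cgroups(pid, host_root=None):
    """Read a pid's cgroups from <host_root>/proc instead of the local /proc."""
    if host_root is None:
        host_root = os.environ.get("SYSDIG_HOST_ROOT", "")
    path = os.path.join(host_root or "/", "proc", str(pid), "cgroup")
    with open(path) as f:
        return parse_cgroup_file(f.read())

def demo():
    """Build a fake host root holding the sample and read pid 42 from it."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "proc", "42"))
        with open(os.path.join(root, "proc", "42", "cgroup"), "w") as f:
            f.write(SAMPLE)
        return read_thread_cgroups(42, host_root=root)

if __name__ == "__main__":
    result = demo()
    print(result["cpuacct"])   # the per-subsystem lookup
    print(aggregate(result))   # the aggregated single string
```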

New and updated events

  • clone, execve, fork, vfork: add cgroups, vtid and vpid to the events to correctly report control group and PID namespaces information.

A blog post with an in-depth look at this new functionality will be published very soon. Stay tuned!

Downloads

Resources

  • Release details
  • Update instructions
  • Installation instructions
  • Source code

Support

Community support is available on the sysdig mailing list. Bugs and issues can be submitted through GitHub.
