Linux command
sysdig command
Text
After copying, replace file names, directories, or parameters as needed.
Common examples
Capture live system calls and print them to the terminal
sysdig
Save captured events to a file
sysdig -w [path/to/file].scap
Read events back from a saved capture file
sysdig -r [path/to/file].scap
Filter events (only open calls made by the cat process)
sysdig proc.name=cat and evt.type=open
List the available chisels
sysdig -cl
Run a chisel (here spy_ip, showing traffic to and from an IP address)
sysdig -c spy_ip [ip_address]
Description
sysdig is a system-level exploration and troubleshooting tool. It captures system calls and events, providing deep visibility into system behavior. It supports filtering, chisels (Lua scripts for analysis), and various output formats. Sysdig can be used for performance analysis, security monitoring, and debugging.
Parameters
- -w, --write _file_
- Write captured events to file
- -r, --read _file_
- Read events from file
- -c, --chisel _name_
- Run specified chisel
- -cl, --list-chisels
- List available chisels
- -l, --list
- List available fields
- -I _source_
- Use specified input source
- -n _num_
- Stop after num events
- -p _format_
- Custom output format
- -j, --json
- Output in JSON format
- -A, --print-ascii
- Print event buffers as ASCII (skip non-printable bytes).
- -X, --print-hex-ascii
- Print event buffers as hex + ASCII.
- -s _len_, --snaplen _len_
- Capture the first _len_ bytes of each I/O buffer (default 80).
- -pc, -pcontainer
- Use container-aware output formatting (host + container.id, container.name).
- -M _seconds_
- Stop capturing after the given number of seconds.
- --list-fields
- List all filter/format fields available.
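The filter in the examples above (`proc.name=cat and evt.type=open`) and the `-j` option can be combined so that captured events are post-processed outside sysdig. The script below is an added example, not code from the page or from the sysdig project: it assumes sysdig was run as `sysdig -j -p "%evt.type %proc.name %fd.name %user.name" evt.type=open` and that `-j` emits one JSON object per line whose keys are the field names from the `-p` format string. The events it parses are constructed, not a real capture, and the list of sensitive paths is a hypothetical policy.

```python
"""Post-process sysdig JSON output offline (added example, not from the page).

Assumed capture command:
    sysdig -j -p "%evt.type %proc.name %fd.name %user.name" evt.type=open
Assumed output shape: one JSON object per line, keys taken from the -p format.
"""
import json

# Constructed sample output: four well-formed events plus one truncated line,
# as a capture stopped with -M or Ctrl-C might leave behind.
SAMPLE_OUTPUT = """\
{"evt.type": "open", "proc.name": "cat", "fd.name": "/etc/shadow", "user.name": "www-data"}
{"evt.type": "open", "proc.name": "cat", "fd.name": "/var/log/syslog", "user.name": "root"}
{"evt.type": "open", "proc.name": "sshd", "fd.name": "/etc/passwd", "user.name": "root"}
{"evt.type": "execve", "proc.name": "bash", "fd.name": "", "user.name": "alice"}
{"evt.type": "open", "proc.name": "vim", "fd.name": "/etc/sudo
"""

# Hypothetical policy: opens of files under these prefixes are worth alerting on.
SENSITIVE_PREFIXES = ("/etc/shadow", "/etc/sudoers", "/root/.ssh/")


def parse_events(text):
    """Parse newline-delimited JSON events, skipping blank or truncated lines."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue  # partial last line or non-JSON noise
    return events


def filter_events(events, proc_name=None, evt_type=None):
    """Offline equivalent of the filter `proc.name=<name> and evt.type=<type>`:
    every condition that is given must hold, like sysdig's `and`."""
    out = []
    for e in events:
        if proc_name is not None and e.get("proc.name") != proc_name:
            continue
        if evt_type is not None and e.get("evt.type") != evt_type:
            continue
        out.append(e)
    return out


def sensitive_opens(events):
    """Return (user, process, path) for open events on sensitive paths."""
    hits = []
    for e in filter_events(events, evt_type="open"):
        path = e.get("fd.name", "")
        if any(path.startswith(p) for p in SENSITIVE_PREFIXES):
            hits.append((e.get("user.name"), e.get("proc.name"), path))
    return hits


if __name__ == "__main__":
    evs = parse_events(SAMPLE_OUTPUT)
    print(f"{len(evs)} events parsed")
    for user, proc, path in sensitive_opens(evs):
        print(f"ALERT: {user} via {proc} opened {path}")
```

To use it on a real capture, pipe the sysdig output into a file and pass the file contents to `parse_events`; applying the same `evt.type=open` filter on the sysdig command line keeps the capture small, and `-s` can be raised if the buffer contents themselves are needed.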
FAQ
What is the sysdig command used for?
sysdig is a system-level exploration and troubleshooting tool. It captures system calls and events, providing deep visibility into system behavior. It supports filtering, chisels (Lua scripts for analysis), and various output formats. Sysdig can be used for performance analysis, security monitoring, and debugging.
How do I run a basic sysdig example?
Run `sysdig` in a terminal, then adjust file names, paths, flags, or remote targets for your system.
What does -w, --write _file_ do in sysdig?
It writes the captured events to the given file, which can later be replayed with `-r`.