Sysdig Cheatsheet

This is mostly just for my own quick reference for common usages.

Sysdig is, well, it's best summed up on their site:

Sysdig is open source, system-level exploration: capture system state and activity from a running Linux instance, then save, filter and analyze.
Sysdig is scriptable in Lua and includes a command line interface and a powerful interactive UI, csysdig, that runs in your terminal. Think of sysdig as strace + tcpdump + htop + iftop + lsof + awesome sauce. With state of the art container visibility on top.

It's a tool I have been chasing for a while, to be able to dig into a problem rapidly and quickly. Although I have not started using the commercial side of it (Sysdigcloud), I can see it being implemented in the very near future, as this looks to be a powerhouse of information as well.



Simple check out –
There are a very small number of requirements (namely, newish versions of OSes).

The Cheatsheet

This is an active list and will grow over time, although I would welcome anyone's own little hints.

A list of some sources where these commands are from:


The Basics

sysdig -l # List all available fields
sysdig -L # List all events
sysdig -cl # List all available Chisels

sysdig -w myfile.scap # Create a dump of the full system (as with most dumps, it can grow pretty quickly)
sysdig -r myfile.scap # Read a dump file

csysdig  # Run in top-style mode
csysdig user.name=$SOMEUSERNAME  # Top-style mode filtered for a selected user

sysdig -c spy_users # See all commands all users are performing

sysdig fd.name contains /home  # Events on file descriptors whose name contains /home

Some IO based stuff

sysdig -c fileslower 1
# I/O calls that have a latency greater than 1ms. This would be useful if you were tracking down certain kinds of performance issues.

# See what is happening when someone is opening nano (or any other proc)

sysdig proc.name=nano and fd.name contains /home/user
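
The capture, replay and filter commands above can be chained into a bounded capture followed by a per-user summary of file opens. This is an added example, not part of the original cheatsheet; the function names, the `SYSDIG` override variable, the `FMT` output format and the sample paths are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original cheatsheet.
# SYSDIG is a hypothetical override so the wrappers can be pointed at a
# stub on a machine without sysdig installed.
SYSDIG=${SYSDIG:-sysdig}

# Output format for replay: one "user process path" line per event.
FMT='%user.name %proc.name %fd.name'

# Bounded capture: stop after NUM_EVENTS (-n) and compress the file (-z),
# so the dump cannot keep growing.
capture_bounded() {   # usage: capture_bounded FILE NUM_EVENTS
    "$SYSDIG" -z -n "$2" -w "$1"
}

# Replay a capture, keeping only open/openat events whose path contains
# PREFIX, printed with FMT.
replay_opens() {      # usage: replay_opens FILE PREFIX
    "$SYSDIG" -r "$1" -p "$FMT" \
        "(evt.type=open or evt.type=openat) and fd.name contains $2"
}

# Count opens per "user process" pair, busiest first.
summarize_opens() {
    awk 'NF >= 3 { n[$1 " " $2]++ }
         END { for (k in n) print n[k], k }' | sort -k1,1nr -k2
}

# Typical use (needs root and sysdig):
#   capture_bounded /tmp/home.scap 200000
#   replay_opens /tmp/home.scap /home | summarize_opens
```
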

