Description:
Sysdig is open source, system-level exploration: capture system state and activity from a running Linux instance, then save, filter and analyze.
Think of it as strace + tcpdump + lsof + awesome sauce.
With a little Lua cherry on top.
Release Notes:
Sysdig is compatible with ASL, and currently available for el6 and above. After installation you will need to reboot the system in order to load the sysdig kernel module.
Usage:
A single post does not do this tool justice. Here are a few basic commands to get you started!
Show top I/O files for httpd:
sysdig -c topfiles_time proc.name=httpd
Show process execution time system wide:
sysdig -c proc_exec_time
Show top server ports:
sysdig -c topports_server
Show every file opened under a web domain's document root (replace domainname with the vhost's name):
sysdig evt.type=open and fd.name contains /var/www/vhosts/domainname/httpdocs/
Show the data exchanged (printed as ASCII) between apache and the IP 10.11.12.13:
sysdig -A -c echo_fds proc.name=httpd and fd.sip=10.11.12.13
Show the commands and directory changes the user testuser runs interactively (the sysdig field for the user name is user.name, not username):
sysdig -c spy_users user.name=testuser
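The one-liners above each run live. The following script, added here as an example and not taken from the ASL page or the sysdig project, ties them into the capture-then-analyze workflow the description mentions: it records httpd's open/openat syscalls to a trace file for a bounded time, then replays the trace to rank the files opened and to flag any open outside the vhost's document root (httpd reading /etc/passwd is what a webshell or a path-traversal bug looks like in this data). The DOCROOT, SECS and TRACE variables, the script name, and the sample lines at the bottom are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example; not from the ASL sysdig page or the sysdig project.
# Capture httpd's file opens to a trace for a bounded time, then analyze
# the saved trace offline. DOCROOT, SECS and TRACE are assumed placeholders.

# Filter for open/openat syscall exits made by httpd. The exit event (evt.dir=<)
# carries the resolved file name; openat is included because modern libc
# implements open() on top of openat().
HTTPD_OPEN_FILTER='proc.name=httpd and evt.type in (open, openat) and evt.dir=<'

# Record matching events for $1 seconds into the trace file $2
# (needs root and the sysdig kernel module).
capture_httpd_opens() {
    secs=$1; trace=$2
    sysdig -M "$secs" -w "$trace" "$HTTPD_OPEN_FILTER"
}

# Replay the trace $1 and print one "<user> <file>" line per open.
dump_opens() {
    sysdig -r "$1" -p '%user.name %fd.name' "$HTTPD_OPEN_FILTER"
}

# Rank "<user> <file>" lines from stdin by how often each pair occurs,
# most frequent first (LC_ALL=C keeps the tie-break order deterministic).
summarize_opens() {
    awk '{ n[$1 " " $2]++ } END { for (k in n) print n[k], k }' \
        | LC_ALL=C sort -k1,1nr -k2
}

# Pass through only the "<user> <file>" lines whose file is NOT under $1.
opens_outside_docroot() {
    awk -v root="$1" 'index($2, root) != 1'
}

# Constructed sample in the dump_opens output format, so the analysis
# functions can be exercised without a live capture.
SAMPLE_OPENS='apache /var/www/vhosts/example.com/httpdocs/index.php
apache /var/www/vhosts/example.com/httpdocs/index.php
apache /var/www/vhosts/example.com/httpdocs/wp-config.php
apache /etc/passwd
root /var/www/vhosts/example.com/httpdocs/index.php'

# Live run: DOCROOT=/var/www/vhosts/example.com/httpdocs SECS=60 sh httpd_opens.sh
if [ -n "${DOCROOT:-}" ]; then
    TRACE=${TRACE:-/tmp/httpd_opens.scap}
    capture_httpd_opens "${SECS:-30}" "$TRACE"
    echo "== most-opened files by httpd =="
    dump_opens "$TRACE" | summarize_opens | head -n 20
    echo "== opens outside $DOCROOT =="
    dump_opens "$TRACE" | opens_outside_docroot "$DOCROOT" | LC_ALL=C sort -u
fi
```

Because the events are saved with -w first, the same trace can be re-read with any other filter or chisel later (for example sysdig -r /tmp/httpd_opens.scap -c topfiles_time), which is the practical reason to capture to a file rather than filter live when investigating an incident.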
To install:
yum install sysdig