sysdig
System troubleshooting, analysis and exploration.
Capture, filter and store systemcalls.
More information: https://github.com/draios/sysdig/wiki.
- Capture all the events from the live system and print them to screen:
sysdig
- Capture all the events from the live system and save them to disk:
sysdig -w path/to/file.scap
- Read events from a file and print them to screen:
sysdig -r path/to/file.scap
- Filter and Print all the open system calls invoked by cat:
sysdig proc.name=cat and evt.type=open
- Register any found plugin and use dummy as input source passing to it open params:
sysdig -I dummy:'parameter'
- List the available chisels:
sysdig -cl
- Use the spy_ip chisel to look at the data exchanged with ip address:
sysdig -c spy_ip ip_address