tldr/pages/linux/sysdig.md

# sysdig

> System troubleshooting, analysis and exploration.
> Capture, filter and store systemcalls.
> More information: <https://github.com/draios/sysdig/wiki>.

- Capture all the events from the live system and print them to screen:

`sysdig`

- Capture all the events from the live system and save them to disk:

`sysdig {{[-w|--write]}} {{path/to/file}}.scap`

- Read events from a file and print them to screen:

`sysdig {{[-r|--read]}} {{path/to/file}}.scap`

- Filter and Print all the open system calls invoked by cat:

`sysdig proc.name=cat and evt.type=open`

- Register any found plugin and use dummy as input source passing to it open params:

`sysdig -I dummy:'{{parameter}}'`

- List the available chisels:

`sysdig {{[-cl|--list-chisels]}}`

- Use the spy_ip chisel to look at the data exchanged with ip address:

`sysdig {{[-c|--chisel]}} spy_ip {{ip_address}}`
getfattr, setfattr, sysdig: add page (#13921) * sysdig * Add periods and colons * Modified with recommended changes * Fix typo * Attribute * Made fixes * Removed spaces * Newline * Design changes * Corrected link and attribute name --------- Co-authored-by: Wiktor Perskawiec <git@spageektti.cc> 2024-10-02 21:36:31 +08:00			`# sysdig`

			`> System troubleshooting, analysis and exploration.`
			`> Capture, filter and store systemcalls.`
			`> More information: <https://github.com/draios/sysdig/wiki>.`

			`- Capture all the events from the live system and print them to screen:`

			`sysdig`

			`- Capture all the events from the live system and save them to disk:`

linux/: add option placeholders (#16192) batch1 * batch2 * batch3 * batch4 * Update matchpathcon.md * Update pages/linux/arecord.md Co-authored-by: Lena <126529524+acuteenvy@users.noreply.github.com> * Update pages/linux/arecord.md Co-authored-by: Lena <126529524+acuteenvy@users.noreply.github.com> * Update pages/linux/arecord.md Co-authored-by: Wiktor Perskawiec <git@spageektti.cc> --------- Co-authored-by: Lena <126529524+acuteenvy@users.noreply.github.com> Co-authored-by: Wiktor Perskawiec <git@spageektti.cc> 2025-04-20 00:21:53 +03:00			`sysdig {{[-w\|--write]}} {{path/to/file}}.scap`
getfattr, setfattr, sysdig: add page (#13921) * sysdig * Add periods and colons * Modified with recommended changes * Fix typo * Attribute * Made fixes * Removed spaces * Newline * Design changes * Corrected link and attribute name --------- Co-authored-by: Wiktor Perskawiec <git@spageektti.cc> 2024-10-02 21:36:31 +08:00
			`- Read events from a file and print them to screen:`

linux/: add option placeholders (#16192) batch1 * batch2 * batch3 * batch4 * Update matchpathcon.md * Update pages/linux/arecord.md Co-authored-by: Lena <126529524+acuteenvy@users.noreply.github.com> * Update pages/linux/arecord.md Co-authored-by: Lena <126529524+acuteenvy@users.noreply.github.com> * Update pages/linux/arecord.md Co-authored-by: Wiktor Perskawiec <git@spageektti.cc> --------- Co-authored-by: Lena <126529524+acuteenvy@users.noreply.github.com> Co-authored-by: Wiktor Perskawiec <git@spageektti.cc> 2025-04-20 00:21:53 +03:00			`sysdig {{[-r\|--read]}} {{path/to/file}}.scap`
getfattr, setfattr, sysdig: add page (#13921) * sysdig * Add periods and colons * Modified with recommended changes * Fix typo * Attribute * Made fixes * Removed spaces * Newline * Design changes * Corrected link and attribute name --------- Co-authored-by: Wiktor Perskawiec <git@spageektti.cc> 2024-10-02 21:36:31 +08:00
			`- Filter and Print all the open system calls invoked by cat:`

			`sysdig proc.name=cat and evt.type=open`

			`- Register any found plugin and use dummy as input source passing to it open params:`

			`sysdig -I dummy:'{{parameter}}'`

			`- List the available chisels:`

linux/: add option placeholders (#16192) batch1 * batch2 * batch3 * batch4 * Update matchpathcon.md * Update pages/linux/arecord.md Co-authored-by: Lena <126529524+acuteenvy@users.noreply.github.com> * Update pages/linux/arecord.md Co-authored-by: Lena <126529524+acuteenvy@users.noreply.github.com> * Update pages/linux/arecord.md Co-authored-by: Wiktor Perskawiec <git@spageektti.cc> --------- Co-authored-by: Lena <126529524+acuteenvy@users.noreply.github.com> Co-authored-by: Wiktor Perskawiec <git@spageektti.cc> 2025-04-20 00:21:53 +03:00			`sysdig {{[-cl\|--list-chisels]}}`
getfattr, setfattr, sysdig: add page (#13921) * sysdig * Add periods and colons * Modified with recommended changes * Fix typo * Attribute * Made fixes * Removed spaces * Newline * Design changes * Corrected link and attribute name --------- Co-authored-by: Wiktor Perskawiec <git@spageektti.cc> 2024-10-02 21:36:31 +08:00
			`- Use the spy_ip chisel to look at the data exchanged with ip address:`

linux/: add option placeholders (#16192) batch1 * batch2 * batch3 * batch4 * Update matchpathcon.md * Update pages/linux/arecord.md Co-authored-by: Lena <126529524+acuteenvy@users.noreply.github.com> * Update pages/linux/arecord.md Co-authored-by: Lena <126529524+acuteenvy@users.noreply.github.com> * Update pages/linux/arecord.md Co-authored-by: Wiktor Perskawiec <git@spageektti.cc> --------- Co-authored-by: Lena <126529524+acuteenvy@users.noreply.github.com> Co-authored-by: Wiktor Perskawiec <git@spageektti.cc> 2025-04-20 00:21:53 +03:00			`sysdig {{[-c\|--chisel]}} spy_ip {{ip_address}}`
No results found.