How to Install Sysdig for Linux

Hefeweizen edited this page Mar 20, 2015 · 56 revisions

NOTE: Run all commands as root or with sudo. See bottom of the page for instructions on how to use sysdig as non-root after installation.

Requirements

Distributions

The following distributions are supported:

  • Debian, from 6.0
  • Ubuntu, from 10.04
  • CentOS, from 6
  • RHEL, from 6
  • Fedora, from 13
  • Amazon Linux, any version available from the AWS Marketplace
  • Oracle Linux, from 6
  • Linux Mint, from 9
  • CoreOS

Automatic Installation

To install sysdig automatically in one step, simply run the following command. This is the recommended installation method.

Warning: The installation script will only install the sysdig package from the Draios APT/YUM repository after verifying all the requirements. For step-by-step manual installation, see the guide below. To install sysdig from the source code, see the instructions on the page "How to Install sysdig from the Source Code".

curl -s https://s3.amazonaws.com/download.draios.com/stable/install-sysdig | sudo bash
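
A way to run the same installer without streaming it straight into a root shell, as an added example that is not part of the original page or of the sysdig project: download it to a file, compare it with a SHA-256 digest you recorded after reviewing a known-good copy, and only then execute it. The function names and the digest argument are assumptions of this example; the URL is the one used above.

```shell
#!/bin/sh
# Added example (not from the sysdig project): pin the installer before running it.
# Function names are hypothetical; the URL is the one given on this page.
INSTALL_URL="https://s3.amazonaws.com/download.draios.com/stable/install-sysdig"

# Print the SHA-256 hex digest of a file.
file_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# Return 0 only if FILE is non-empty and its digest equals EXPECTED.
# Return 2 for an empty or missing file, 1 for a digest mismatch.
verify_installer() {
    file=$1
    expected=$2
    [ -s "$file" ] || { echo "empty or missing: $file" >&2; return 2; }
    actual=$(file_sha256 "$file")
    [ "$actual" = "$expected" ] || { echo "digest mismatch: $actual" >&2; return 1; }
}

# Download to a temporary file, verify, then run as root.
# The argument is the digest you recorded after reviewing a known-good copy.
install_sysdig_pinned() {
    expected_digest=$1
    tmp=$(mktemp) || return 4
    # -f makes curl fail on HTTP errors instead of saving the error page.
    if curl -fsS -o "$tmp" "$INSTALL_URL" && verify_installer "$tmp" "$expected_digest"; then
        sudo bash "$tmp"
        rc=$?
    else
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}
```

Call it as install_sysdig_pinned followed by the lowercase hex digest. The CoreOS step further down uses the same script, so the same check applies there.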

Manual Installation

Debian, Ubuntu

  1. Trust the Draios GPG key, configure the apt repository, and update the package list
curl -s https://s3.amazonaws.com/download.draios.com/DRAIOS-GPG-KEY.public | apt-key add -  
curl -s -o /etc/apt/sources.list.d/draios.list http://download.draios.com/stable/deb/draios.list  
apt-get update
  2. Install kernel headers

Warning: The following command might not work with every kernel. Make sure to customize the name of the package properly.

apt-get -y install linux-headers-$(uname -r)
  3. Install sysdig
apt-get -y install sysdig

CentOS, RHEL, Fedora, Amazon Linux

  1. Trust the Draios GPG key, configure the yum repository
rpm --import https://s3.amazonaws.com/download.draios.com/DRAIOS-GPG-KEY.public  
curl -s -o /etc/yum.repos.d/draios.repo http://download.draios.com/stable/rpm/draios.repo
  2. Install the EPEL repository

Note: The following command is required only if DKMS is not available in the distribution. You can verify whether DKMS is available with yum list dkms.

rpm -i http://mirror.us.leaseweb.net/epel/6/i386/epel-release-6-8.noarch.rpm
  3. Install kernel headers

Warning: The following command might not work with every kernel. Make sure to customize the name of the package properly.

yum -y install kernel-devel-$(uname -r)
  4. Install sysdig
yum -y install sysdig

Installation inside a Docker container

sysdig can also run inside a Docker container. To guarantee a smooth deployment, the kernel headers must be installed in the host operating system, before running the agent.

This can usually be done on Debian-like distributions with:

apt-get -y install linux-headers-$(uname -r)

Or, on RHEL-like distributions:

yum -y install kernel-devel-$(uname -r)

sysdig can then be run with:

docker pull sysdig/sysdig
docker run -i -t --name sysdig --privileged -v /var/run/docker.sock:/host/var/run/docker.sock -v /dev:/host/dev -v /proc:/host/proc:ro -v /boot:/host/boot:ro -v /lib/modules:/host/lib/modules:ro -v /usr:/host/usr:ro sysdig/sysdig

Installation inside CoreOS

  1. Enter toolbox
toolbox --bind=/dev
  2. Install the client binary
curl -s https://s3.amazonaws.com/download.draios.com/stable/install-sysdig | bash
  3. Load the kernel module
sysdig-probe-loader

Use sysdig as non-root

Sysdig must be run as root, because:

  • It needs to scan the full /proc file system
  • It needs access to the /dev/sysdig* devices
  • It needs to automatically load the sysdig-probe kernel module in case it's not loaded yet

However, there is a solution that allows non-root users to run sysdig by using sudo.

  1. Create a group whose members will be allowed to run sysdig.
groupadd sysdig
  2. Add the user(s) who should be able to run sysdig to that group.
usermod -aG sysdig alice
usermod -aG sysdig bob
  3. Use visudo to edit the sudo configuration. Add the line %sysdig ALL= /path/to/sysdig and save. The path is most likely /usr/local/bin/sysdig, but you can make sure by running which sysdig.

  4. Every member of the group sysdig is now allowed to use the sudo command, but only for the sysdig binary.

Troubleshooting

Missing asm/asm-offsets.h

On Ubuntu 10.04 with customized upstream kernels (such as AWS) you may need to symlink the asm headers to the correct location:

ln -nsf /usr/src/linux-headers-`uname -r`/include/asm-x86 /usr/src/linux-headers-`uname -r`/include/asm
apt-get -y install