Skip to content

How to Install Sysdig for Linux

Hefeweizen edited this page Mar 20, 2015 · 56 revisions

NOTE: Run all commands as root or with sudo. See bottom of the page for instructions on how to use sysdig as non-root after installation.

Table of Contents

Requirements

Distributions

The following distributions are supported:

  • Debian, from 6.0
  • Ubuntu, from 10.04
  • CentOS, from 6
  • RHEL, from 6
  • Fedora, from 13
  • Amazon Linux, any version available from the AWS Marketplace
  • Oracle Linux, from 6
  • Linux Mint, from 9
  • CoreOS

Automatic Installation

To install sysdig automatically in one step, simply run the following command. This is the recommended installation method.

Warning: The installation script will only install the sysdig package from the Draios APT/YUM repository after verifying all the requirements. For step-by-step manual installation, see the guide below. To install sysdig from the source code, see the instructions [here](How to Install sysdig from the Source Code).

curl -s https://s3.amazonaws.com/download.draios.com/stable/install-sysdig | sudo bash

Manual Installation

Debian, Ubuntu

  1. Trust the Draios GPG key, configure the apt repository, and update the package list
curl -s https://s3.amazonaws.com/download.draios.com/DRAIOS-GPG-KEY.public | apt-key add -  
curl -s -o /etc/apt/sources.list.d/draios.list http://download.draios.com/stable/deb/draios.list  
apt-get update
  1. Install kernel headers

Warning: The following command might not work with any kernel. Make sure to customize the name of the package properly

apt-get -y install linux-headers-$(uname -r)
  1. Install sysdig
apt-get -y install sysdig

CentOS, RHEL, Fedora, Amazon Linux

  1. Trust the Draios GPG key, configure the yum repository
rpm --import https://s3.amazonaws.com/download.draios.com/DRAIOS-GPG-KEY.public  
curl -s -o /etc/yum.repos.d/draios.repo http://download.draios.com/stable/rpm/draios.repo
  1. Install the EPEL repository

Note: The following command is required only if DKMS is not available in the distribution. You can verify if DKMS is available with yum list dkms

rpm -i http://mirror.us.leaseweb.net/epel/6/i386/epel-release-6-8.noarch.rpm
  1. Install kernel headers

Warning: The following command might not work with any kernel. Make sure to customize the name of the package properly

yum -y install kernel-devel-$(uname -r)
  1. Install sysdig
yum -y install sysdig

Installation inside a Docker container

sysdig can also run inside a Docker container. To guarantee a smooth deployment, the kernel headers must be installed in the host operating system, before running the agent.

This can usually be done on Debian-like distributions with:

apt-get -y install linux-headers-$(uname -r)

Or, on RHEL-like distributions:

yum -y install kernel-devel-$(uname -r)

sysdig can then be run with:

docker pull sysdig/sysdig
docker run -i -t --name sysdig --privileged -v /var/run/docker.sock:/host/var/run/docker.sock -v /dev:/host/dev -v /proc:/host/proc:ro -v /boot:/host/boot:ro -v /lib/modules:/host/lib/modules:ro -v /usr:/host/usr:ro sysdig/sysdig

##Use sysdig as non-root##

Sysdig must be run as root, because:

  • It needs to scan the full /proc file system
  • It needs to access to /dev/sysdig* devices
  • It needs to automatically load the sysdig-probe kernel module in case it's not loaded yet

However, there is a solution that allows non-root users to run sysdig by using sudo.

  1. Create a group you want to give the right to run sysdig.
groupadd sysdig
  1. Add the user(s) which shall be able to run sysdig to that group.
usermod -aG sysdig alice
usermod -aG sysdig bob
  1. Use visudo to edit the sudo-config. Add the line %sysdig ALL= /path/to/sysdig and save. The path is most likely /usr/local/bin/sysdig, but you can make sure by running which sysdig.

  2. Every member of the group sysdig is now allowed to use the sudo command, but only for the sysdig binary.

Installation inside CoreOS

  1. Enter toolbox
toolbox --bind=/dev
  1. Install the client binary
curl -s https://s3.amazonaws.com/download.draios.com/stable/install-sysdig | bash
  1. Load the kernel module
sysdig-probe-loader

##Troubleshooting##

###Missing asm/asm-offsets.h### On Ubuntu 10.04 with customized upstream kernels (such as AWS) you may need to symlink the asm headers to the correct location:

ln -nsf /usr/src/linux-headers-`uname -r`/include/asm-x86 /usr/src/linux-headers-`uname -r`/include/asm
apt-get -y install