-
Notifications
You must be signed in to change notification settings - Fork 727
How to Install Sysdig for Linux
NOTE: Run all commands as root or with sudo. See bottom of the page for instructions on how to use sysdig as non-root after installation.
- Automatic Installation
- Manual Installation
- Use sysdig as non-root
- Installation inside a Docker container
- Troubleshooting
The following distributions are supported:
- Debian, from 6.0
- Ubuntu, from 10.04
- CentOS, from 6
- RHEL, from 6
- Fedora, from 13
- Amazon Linux, any version available from the AWS Marketplace
- Oracle Linux, from 6
- Linux Mint, from 9
- CoreOS
To install sysdig automatically in one step, simply run the following command. This is the recommended installation method.
Warning: The installation script will only install the sysdig package from the Draios APT/YUM repository after verifying all the requirements. For step-by-step manual installation, see the guide below. To install sysdig from the source code, see the instructions [here](How to Install sysdig from the Source Code).
curl -s https://s3.amazonaws.com/download.draios.com/stable/install-sysdig | sudo bash
Debian, Ubuntu
- Trust the Draios GPG key, configure the apt repository, and update the package list
curl -s https://s3.amazonaws.com/download.draios.com/DRAIOS-GPG-KEY.public | apt-key add -
curl -s -o /etc/apt/sources.list.d/draios.list http://download.draios.com/stable/deb/draios.list
apt-get update
- Install kernel headers
Warning: The following command might not work with any kernel. Make sure to customize the name of the package properly
apt-get -y install linux-headers-$(uname -r)
- Install sysdig
apt-get -y install sysdig
CentOS, RHEL, Fedora, Amazon Linux
- Trust the Draios GPG key, configure the yum repository
rpm --import https://s3.amazonaws.com/download.draios.com/DRAIOS-GPG-KEY.public
curl -s -o /etc/yum.repos.d/draios.repo http://download.draios.com/stable/rpm/draios.repo
- Install the EPEL repository
Note: The following command is required only if DKMS is not available in the distribution. You can verify if DKMS is available with yum list dkms
rpm -i http://mirror.us.leaseweb.net/epel/6/i386/epel-release-6-8.noarch.rpm
- Install kernel headers
Warning: The following command might not work with any kernel. Make sure to customize the name of the package properly
yum -y install kernel-devel-$(uname -r)
- Install sysdig
yum -y install sysdig
sysdig can also run inside a Docker container. To guarantee a smooth deployment, the kernel headers must be installed in the host operating system, before running the agent.
This can usually be done on Debian-like distributions with:
apt-get -y install linux-headers-$(uname -r)
Or, on RHEL-like distributions:
yum -y install kernel-devel-$(uname -r)
sysdig can then be run with:
docker pull sysdig/sysdig
docker run -i -t --name sysdig --privileged -v /var/run/docker.sock:/host/var/run/docker.sock -v /dev:/host/dev -v /proc:/host/proc:ro -v /boot:/host/boot:ro -v /lib/modules:/host/lib/modules:ro -v /usr:/host/usr:ro sysdig/sysdig
##Use sysdig as non-root##
Sysdig must be run as root, because:
- It needs to scan the full
/proc
file system - It needs to access to
/dev/sysdig*
devices - It needs to automatically load the
sysdig-probe
kernel module in case it's not loaded yet
However, there is a solution that allows non-root users to run sysdig by using sudo
.
- Create a group you want to give the right to run sysdig.
groupadd sysdig
- Add the user(s) which shall be able to run sysdig to that group.
usermod -aG sysdig alice
usermod -aG sysdig bob
-
Use
visudo
to edit the sudo-config. Add the line%sysdig ALL= /path/to/sysdig
and save. The path is most likely/usr/local/bin/sysdig
, but you can make sure by runningwhich sysdig
. -
Every member of the group sysdig is now allowed to use the
sudo
command, but only for the sysdig binary.
- Enter toolbox
toolbox --bind=/dev
- Install the client binary
curl -s https://s3.amazonaws.com/download.draios.com/stable/install-sysdig | bash
- Load the kernel module
sysdig-probe-loader
##Troubleshooting##
###Missing asm/asm-offsets.h### On Ubuntu 10.04 with customized upstream kernels (such as AWS) you may need to symlink the asm headers to the correct location:
ln -nsf /usr/src/linux-headers-`uname -r`/include/asm-x86 /usr/src/linux-headers-`uname -r`/include/asm
apt-get -y install