

Sysdig is a very useful open source application for Linux that provides real-time information on system state, activity, and performance. This article briefly summarizes some of its useful features and potential administration capabilities. Note that many of these commands require root or sudo privileges.

Useful One-Liners

Realtime monitoring of all user commands:

sysdig -pc -c spy_users 

Show every file opened under a particular directory (the filter needs a field name, here fd.name, before the contains operator):

sysdig evt.type=open and fd.name contains /data

Dump system activity to a binary file, and read it later:

sysdig -w trace.scap
sysdig -r trace.scap

List all sysdig "chisels":

sysdig -cl

Example chisel list:

List processes that have a high number of file handles:

sysdig -c fdcount_by proc.name "fd.type=file"

See top directories with high volume of I/O activity:

sysdig -c fdbytes_by fd.directory "fd.type=file"

Show files with highest levels of I/O in bytes:

sysdig -c topfiles_bytes
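
The capture-then-read workflow above combines naturally with the chisels: record once, then run every query against the saved trace so the analysis is repeatable. The following is an added example, not part of the original article; the function names and report file names are hypothetical, and it assumes sysdig is installed and run as root, using its -M option to stop the capture after a number of seconds.

```shell
#!/bin/sh
# Added example: record a bounded capture, then replay it through the
# queries from this page. Function and report names are illustrative.

# Record system activity for $2 seconds into trace file $1.
# A trace holds command lines and file names, so it is created with a
# restrictive umask (in a subshell, leaving the caller's umask untouched).
capture_trace() {
    ( umask 077 && sysdig -M "$2" -w "$1" )
}

# Filter matching open events whose path contains directory $1.
open_filter() {
    printf 'evt.type=open and fd.name contains %s' "$1"
}

# Replay trace $1 through each query, one report file per query in
# directory $3. $2 is the directory of interest for the open filter.
review_trace() {
    mkdir -p "$3" || return 1
    sysdig -r "$1" -pc -c spy_users > "$3/user_commands.txt" &&
    sysdig -r "$1" "$(open_filter "$2")" > "$3/file_opens.txt" &&
    sysdig -r "$1" -c fdcount_by proc.name "fd.type=file" > "$3/fd_count_by_process.txt" &&
    sysdig -r "$1" -c fdbytes_by fd.directory "fd.type=file" > "$3/io_by_directory.txt" &&
    sysdig -r "$1" -c topfiles_bytes > "$3/top_files.txt"
}

# Usage: script.sh TRACE SECONDS DIRECTORY REPORT_DIR
if [ "$#" -eq 4 ]; then
    capture_trace "$1" "$2" && review_trace "$1" "$3" "$4"
fi
```

Because the reports are produced from the trace file rather than from the live system, the same capture can be queried again later with different filters.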

More Information