Delving the depths of Linux with sysdig


Sysdig is a useful and practical tool. You will learn many of its functions simply by using the software; for the rest, you have to rely on the documentation in the form of the man page or the wiki [3]. However, it is often easier to look at a few examples and modify them to suit your own requirements.

Listing 4 shows the use of sysdig in analyzing processes. A call to

sysdig -c proc_exec_time

shows the processes that are currently taking the longest to complete. You can use echo_fds (Listing 5) as a replacement for strace to track inputs and outputs.

Listing 4: Analyzing Processes

Listing 5: Tracking Input and Output


If system performance does not meet your expectations,

sysdig -c bottlenecks
sysdig -c topscalls

show the slowest system calls and the ones currently used most frequently. If you often have to wait for files,

sysdig -c fileslower 9

will detect them.

To see which files require the most time to read and write and where the system writes most, use:

sysdig -c topfiles_time
sysdig -c topfiles_bytes

The output from

sysdig -c topprocs_file
sysdig -c topprocs_net

respectively shows which processes are responsible for the writes and which ones are slowing down the network. Numerous other examples can be found online [4].
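
Each chisel call above observes the live system at a different moment, which makes the results hard to compare. The following added example (not from the article) records one trace with sysdig's `-w` option and replays it through the same chisels with `-r`; the function names, the 30-second default, and the report layout are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not from the article): capture once, replay through each chisel.

# Chisels named in the article, one per line; an optional argument follows the name.
CHISELS='proc_exec_time
bottlenecks
topscalls
fileslower 9
topfiles_time
topfiles_bytes
topprocs_file
topprocs_net'

# record_capture FILE [SECONDS]: record all events for SECONDS into FILE (needs root).
record_capture() {
    capture=$1
    seconds=${2:-30}   # assumed default duration
    # An existing trace may be the only record of an earlier incident: keep it.
    if [ -e "$capture" ]; then
        echo "refusing to overwrite $capture" >&2
        return 1
    fi
    # Traces expose command lines, file names and I/O data, so create them 0600.
    ( umask 077 && sysdig -M "$seconds" -w "$capture" )
}

# replay_chisels FILE OUTDIR: run every chisel against the same recorded trace.
# Returns the number of chisels that failed (0 means all reports were written).
replay_chisels() {
    capture=$1
    outdir=$2
    failed=0
    [ -r "$capture" ] || { echo "cannot read $capture" >&2; return 1; }
    mkdir -p "$outdir" || return 1
    while read -r chisel arg; do
        [ -n "$chisel" ] || continue
        # $arg stays unquoted on purpose so that an empty argument vanishes.
        if ! sysdig -r "$capture" -c "$chisel" $arg \
                > "$outdir/$chisel.txt" 2> "$outdir/$chisel.err" < /dev/null; then
            echo "chisel $chisel failed, see $outdir/$chisel.err" >&2
            failed=$((failed + 1))
        fi
    done <<EOF
$CHISELS
EOF
    return "$failed"
}

# Usage: record_capture /root/trace.scap 30 && replay_chisels /root/trace.scap ./report
```

Because every report comes from the same trace file, a slow file in `fileslower.txt` can be matched directly against the process listed in `topprocs_file.txt`.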


Sysdig is unreservedly recommended for analyzing systems as a replacement for many individual programs. The concept of a simple program that gains many capabilities through plugins is in keeping with current trends.

The results output by sysdig are always useful, so you can expect to see it soon in the repositories of the major distributions.

Up to now, the project has tackled installation in a somewhat unorthodox manner. However, to leverage the software to the max, you need to be able to interpret the results correctly. If you lack the knowledge to do so, the output can be confusing.
