Sysdig is an open-source system monitoring and troubleshooting tool for Linux. It allows you to inspect the system, capture system state, and diagnose problems in real time. In this tutorial, we will show you how to install Sysdig on Debian 11.
Prerequisites
Before getting started, make sure you have a clean installation of Debian 11 and that you are logged in as a user with sudo privileges. You will also need to have the apt package manager installed on your system.
To check if apt is installed, you can use the following command:
apt --version
If apt is not installed, you can install it by running the following command:
sudo apt install apt
Once apt is installed, you are ready to proceed with installing Sysdig.
Step 1: Add the Sysdig package repository
To install Sysdig on Debian 11, we will add the Sysdig package repository to our system and install the Sysdig package from the repository.
To add the Sysdig package repository, open a terminal and run the following command:
curl -s https://s3.amazonaws.com/download.draios.com/stable/install-sysdig | sudo bash
This command will add the Sysdig package repository and install the sysdig and sysdig-inspect packages on your system.
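Piping the download straight into sudo bash runs whatever the server returns as root, with no chance to read it first. The following is an added example, not part of the original tutorial or the Sysdig project: it saves the installer to a file, checks it against a SHA-256 digest, and only then runs it. The function names are hypothetical, and the pinned digest is an assumption: it is a value you record yourself after reviewing the script, since this page gives no published checksum.

```shell
# Added example (not from the Sysdig project): verify the installer before running it as root.
# Assumption: the caller supplies a SHA-256 digest recorded after reviewing the script.
INSTALLER_URL="https://s3.amazonaws.com/download.draios.com/stable/install-sysdig"

# Print the SHA-256 hex digest of a file.
sha256_of() {
    sha256sum -- "$1" | awk '{print $1}'
}

# Return 0 only if FILE is non-empty and matches the pinned digest.
# Return codes: 1 = mismatch, 2 = missing/empty file, 3 = malformed pin.
verify_installer() {
    local file="$1" expected="$2" actual
    [ -s "$file" ] || { echo "refusing: $file missing or empty" >&2; return 2; }
    case "$expected" in
        *[!0-9a-fA-F]*|"") echo "refusing: pinned digest is not hex" >&2; return 3 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "refusing: pinned digest must be 64 hex chars" >&2; return 3; }
    actual="$(sha256_of "$file")"
    expected="$(printf '%s' "$expected" | tr 'A-F' 'a-f')"
    if [ "$actual" != "$expected" ]; then
        echo "refusing: digest mismatch (got $actual)" >&2
        return 1
    fi
    return 0
}

# Download over HTTPS only (failing on HTTP errors), verify, then run with sudo.
install_sysdig_verified() {
    local expected="$1" tmp rc
    tmp="$(mktemp)" || return 4
    curl --fail --silent --show-error --location --proto '=https' --tlsv1.2 \
         --output "$tmp" "$INSTALLER_URL" || { rm -f "$tmp"; return 5; }
    verify_installer "$tmp" "$expected" && sudo bash "$tmp"
    rc=$?
    rm -f "$tmp"
    return "$rc"
}
```

To use it, call install_sysdig_verified with the digest you recorded; a changed or truncated download is rejected before anything runs as root.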
Step 2: Install the Sysdig Kernel Module
Sysdig uses a kernel module to capture system state and events. To use Sysdig, you will need to install the Sysdig kernel module on your system.
To install the Sysdig kernel module, run the following command:
sudo sysdig-probe-loader --install
This will install the Sysdig kernel module and load it into the kernel.
Step 3: Start using Sysdig
Now that Sysdig is installed and the kernel module is loaded, you can start using Sysdig to monitor and troubleshoot your system.
To view a list of all available Sysdig commands, run the sysdig command without any arguments:
sysdig
To view a list of all running processes on your system, run the following command:
sysdig -p'%user.name %proc.name'
To view detailed information about a specific process, run the following command, replacing PROCESS_ID with the process ID of the process you want to inspect:
sysdig -pc proc.pid=PROCESS_ID
This will display detailed information about the specified process, including its PID, command, arguments, user, CPU usage, memory usage, and more.
To capture a system trace and save it to a file, run the following command, replacing FILENAME with the name of the file you want to save the trace to:
sysdig -w FILENAME
This will start capturing a system trace and save it to the specified file. You can stop the trace by pressing CTRL+C.
Once the trace is saved to a file, you can use the sysdig-inspect tool to view and analyze the trace. To view the trace file, run the following command, replacing FILENAME with the name of the trace file:
sysdig-inspect -r FILENAME
This will open the trace file in the sysdig-inspect tool, where you can view and analyze the trace data.
Conclusion
In this tutorial, you learned how to install Sysdig on Debian 11. You learned how to add the Sysdig package repository, install the Sysdig and sysdig-inspect packages, install the Sysdig kernel module, and start using Sysdig to monitor and troubleshoot your system. With Sysdig installed and configured, you can start using it to gain valuable insights into your system and diagnose problems in real time.