Skip to content


An awesome host inspection tool, with tcpdump like tool and an interface similar to [[top]] et al. -

Installation - CentOS

Their shell script installs epel from a 3rd party source, so it's best to use this method instead:

rpm --import && \
curl -s -o /etc/yum.repos.d/draios.repo && \
yum -y install kernel-devel-$(uname -r) && \
yum -y install sysdig


Simple usage


Write a system trace file

sysdig -w tracefile.scap

Replay a tracefile

sysdig -r tracefile.scap

Show filters

sysdig -l

Show activity for access to a given file

sysdig -l

Show shell commands for all users

sysdig -pc -c spy_users

Spy on a user and exclude a process

sysdig -pc -c spy_users!=gmetric

Or exclude multiple processes

sysdig -pc -c spy_users "not in ( gmetric, awk, sed, grep )"

Show a top like interface