Here are some SysDig examples for your CLI. Looking for an easy way to install SysDig on your servers? Check out my puppet-sysdig module if you’re a Puppet user.
Observe the I/O activity on all the files named ‘passwd’
$ sysdig -A -c echo_fds "fd.filename=passwd"
See the top directories in terms of R+W disk activity
$ sysdig -c fdbytes_by fd.directory "fd.type=file"
Print the top files that apache has been reading from or writing to
$ sysdig -c topfiles_bytes proc.name=httpd
See the top files in terms of read+write bytes
$ sysdig -c topfiles_bytes
List the processes that are using a high number of files
$ sysdig -c fdcount_by proc.name "fd.type=file"
See the top processes in terms of disk bandwidth usage
$ sysdig -c topprocs_file
See the top client IPs in terms of total bytes
$ sysdig -c fdbytes_by fd.cip
See the top client IPs in terms of established connections
$ sysdig -c fdcount_by fd.cip "evt.type=accept"
See the top local server ports in terms of established connections
$ sysdig -c fdcount_by fd.sport "evt.type=accept"
Show network data exchanged with a specific host IP
As ASCII:
$ sysdig -s2000 -A -c echo_fds fd.cip=10.3.6.1
As binary:
$ sysdig -s2000 -X -c echo_fds fd.cip=10.3.6.1
Show all syslog messages from the system, conveniently color coded
$ sysdig -c spy_syslog