The "right way" to use sysdig? remote?

Question

I was wondering if it is possible to let sysdig run as a background process and rotate the logfile just for an example every time it gets over 100mb or every 7 day?

and is there anyway i could setup a remote server for the sysdig files?
just so i won't have to destroy my ssd instant where my webservers are running?. ( I all ready have a Graylog server running if that could do the job)

score 3 · Accepted Answer · answered Nov 02 '15 at 22:12

3

Sysdig developer here.

Yes. Take a look at this blog post https://sysdig.com/sysdig-continuous-capture-with-file-rotation/.
This is not a feature of sysdig yet, so you would have to build your own solution. A way to do it could be extending sysdig through a Lua script (we call them chisels, and you can find more infor at this URL: https://github.com/draios/sysdig/wiki/Chisels%20User%20Guide)

answered Nov 02 '15 at 22:12

Loris Degioanni

46
1

1. You could integrate this solution into a systemd service file, like it's explained here: https://dotc.om/roll-your-own-sysdig-systemd-start-service/ – Osqui Dec 12 '18 at 22:53

score 0 · Answer 2 · answered Nov 21 '18 at 22:52

0

For the second question you can use Filebeats (from ELK stack) or similar

answered Nov 21 '18 at 22:52

Osqui

135
1
8

The "right way" to use sysdig? remote?

2 Answers2