0.4.0

New and updated features

• csysdig view actions: press F7 or F8 while inside a csysdig view to see what actions are supported

Bug Fixes

• Fix compilation errors on non-Linux platforms
• Support Docker containers when running in a different cgroup root layout
• Minor bugfixes

0.3.0

New and updated features

• Support ia32 emulation on 64bit kernels, now you can finally dig into skype!
• New events: mount, umount
• New memcachelog chisel: show a log of memcached commands (get/set)
• New backlog csysdig view: show queues (backlog) utilization per process
• --unbuffered command line option: turn off output buffering
• Detect mesos containers (support is still limited)
• HTTP chisels now support UNIX sockets (e.g. Docker API)
• New section in the csysdig views files: hotkeys

Bug Fixes

• Minor bugfixes

0.2.0

Even if we're still on the 0.x series of sysdig, starting from this release we are adopting semantic versioning (http://semver.org/) so it will be easier to identify bugfix releases.

Bug Fixes

• Support Debian 7 as a host for the sysdig Docker container
• Minor bugfixes

New and updated features

• Port numbers will be automatically converted to service names (according to the services file on your platform) unless -N is specified
• New filter field fd.proto: matches the protocol (either client or server) of the fd
• New filter field fd.cproto: for TCP/UDP FDs, the client protocol
• New filter field fd.sproto: for TCP/UDP FDs, server protocol
• New filter field fd.lproto: for TCP/UDP FDs, the local protocol
• New filter field fd.rproto: for TCP/UDP FDs, the remote protocol
• New events: semop, semctl, ppoll
• Docker image now includes the RUN label to make it easier to run sysdig on Atomic Linux

0.1.104

Bug Fixes

• Fix improper access to socket structure during accept() (#427)
• Minor bugfixes (#416, #406)

0.1.103

Bug Fixes

• Update ncurses so it will compile on GCC 5
• Don't use GCC 5 inside the Docker container, because older kernels are still not ready
• Minor bugfixes

New and updated features

• httplog chisel: show a log of all HTTP requests
• httptop chisel: show top HTTP requests by: ncalls, time or bytes
• Improved the accept system event by adding queuelen and queuemax
• sysdig-probe can now compile on the EL5 kernel. Userspace application still requires a recent GCC, which can be obtained from the Redhat/CentOS developer toolset
• Support CPU hotplug: sysdig will just work if CPUs go up or down in your system, and will also generate an event when that happens
• Precompile sysdig-probe for most Ubuntu, Fedora, CentOS kernels

0.1.102

Bug Fixes

• Fix panic with some kernel versions
• Fix compiling errors on arm architecture
• Report execve args even if it fails
• Minor bugfixes on csysdig

New and updated features

• Support for decoding setns and flock syscall
• Parse O_CLOEXEC flag on open and related syscalls
• Parse CLONE_NEWUSER flag on clone
• Support truncated tracefiles
• Now sysdig can rotate tracing file when capturing, using -C, -e, -W, -G
• Better extraction/filtering capabilities for event related to multiple file descriptors, like poll
• Precompiled kernel modules for older coreos releases

0.1.101

New and updated features

• This release introduces csysdig, the awesome ncurses user interface for sysdig!

0.1.100

Bug Fixes

• Many minor bugfixes
• Docker container ships with GCC 4.8 other than the latest from Debian, to increase compatibility
• echo_fds chisel has a better formatting
• Correctly show container output even when renaming containers on Docker >= 1.5
• Fixes on the exists filter operator

New and updated features

• Support for intercepting signals via the signaldeliver event: parameters are source pid, destination pid and signal type

0.1.99

Bug Fixes

• Under certain conditions, sysdig could crash during socket scanning in /proc
• Improve default truncation algorithm when -v is not specified
• Improved spy_users chisel accuracy
• Many minor bugfixes

New and updated features

• sysdig can now be concurrently opened multiple times
• exists clause for filters, e.g. sysdig proc.name exists
• in clause for filters, e.g. sysdig "evt.type in ( 'select', 'poll' )"

0.1.98

Bug Fixes

• Many minor bugfixes

New and updated features

• Container support: sysdig now supports Docker, LXC and libvirt-lxc containers, with several sub-features described below and in the documentation
• supports to an alternate /proc file system tree (useful in containers) by setting the environment variable SYSDIG_HOST_ROOT
• supports parsing network connections from /proc from a network namespace different than the global one
• container information is available in the chisel API (thread table)
• -pc and -pcontainer will use a container-friendly output format for events
• Automated Docker builds for running sysdig: https://registry.hub.docker.com/u/sysdig/sysdig/
• sysdig-probe-loader: new script included with sysdig to facilitate loading the sysdig-probe module in atypic environments such as containers
• build-sysdig-probe-binaries: new script to prebuild sysdig-probe binaries for a specific set of kernel configurations (currently CoreOS) and upload them to S3 so that they can be downloaded at runtime on environments that don't ship kernel headers

New and updated chisels

• lscontainers: List the running containers.
• topcontainers_cpu: Top containers by CPU usage.
• topcontainers_error: Top containers by number of errors.
• topcontainers_file: Top containers by R+W disk bytes.
• topcontainers_net: Top containers by network I/O.
• echo_fds: container-aware (with -pc).
• fileslower: container-aware (with -pc).
• list_login_shells: container-aware (with -pc).
• netlower: container-aware (with -pc).
• proc_exec_time: container-aware (with -pc).
• scallslower: container-aware (with -pc).
• spy_logs: container-aware (with -pc).
• spy_syslog: container-aware (with -pc).
• spy_users: container-aware (with -pc).
• stderr: container-aware (with -pc).
• topconns: container-aware (with -pc).
• topfiles_bytes: container-aware (with -pc).
• topfiles_errors: container-aware (with -pc).
• topfiles_time: container-aware (with -pc).
• topports_server: container-aware (with -pc).
• topprocs_cpu: container-aware (with -pc).
• topprocs_errors: container-aware (with -pc).
• topprocs_file: container-aware (with -pc).
• topprocs_net: container-aware (with -pc).
• topscalls: container-aware (with -pc).
• topscalls_time: container-aware (with -pc).

New and updated filter fields

• thread.cgroups: all the cgroups the thread belongs to, aggregated into a single string.
• thread.cgroup: the cgroup the thread belongs to, for a specific subsystem. E.g. thread.cgroup.cpuacct.
• thread.vtid: the id of the thread generating the event as seen from its current PID namespace.
• proc.vpid: the id of the process generating the event as seen from its current PID namespace.
• container.id: the container id.
• container.name: the container name.
• container.image: the container image.

New and Updated events

• clone, execve, fork, vfork: add cgroups, vtid and vpid to the events to correctly report control group and PID namespaces information.