How to Install Sysdig from the Source Code
NOTE: sysdig can be compiled under Linux, OSX and Windows, but only the Linux version is capable of capturing events and doing live analysis. On the other platforms, you will be limited to working with the capture files generated by a Linux installation of sysdig.
Requirements
- GCC/G++ > 4.8 (Linux) or Clang (for OSX)
- Linux kernel headers
- CMake > 2.8.2
- libelf1 headers (package libelf-dev on Debian, elfutils-libelf-devel on Red-Hat)
- pkg-config binary
- For Linux, the following kernel options must be enabled (usually they are, unless a custom built kernel is used):
  - CONFIG_TRACEPOINTS
  - CONFIG_HAVE_SYSCALL_TRACEPOINTS
The single-line apt-get you're probably looking for is
$ sudo apt install -y g++ linux-headers-$(uname -r) cmake libelf-dev pkg-config
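A preflight check for the two kernel options listed in the requirements, as an added example that is not part of the sysdig project or the original page. The function names and the `--check` argument are assumptions made for illustration, and the config file locations are the common ones but vary by distribution.

```shell
#!/bin/sh
# Added example (not sysdig's own code): confirm the kernel options this
# page lists as required before building and loading the scap driver.
REQUIRED_OPTS="CONFIG_TRACEPOINTS CONFIG_HAVE_SYSCALL_TRACEPOINTS"

# Print the running kernel's config to stdout. Both paths are assumptions:
# most distributions ship one of them, a custom kernel may ship neither.
read_kernel_config() {
    if [ -r "/boot/config-$(uname -r)" ]; then
        cat "/boot/config-$(uname -r)"
    elif [ -r /proc/config.gz ]; then
        gzip -dc /proc/config.gz
    else
        return 1
    fi
}

# Read a kernel config on stdin and print every required option that is
# not built in, one per line. Returns 0 if none are missing, 1 otherwise.
missing_opts() {
    _cfg=$(cat)
    _missing=""
    for _opt in $REQUIRED_OPTS; do
        # Match the whole line so a comment or a longer option name with
        # the same prefix does not count as the option being enabled.
        if ! printf '%s\n' "$_cfg" | grep -qx "${_opt}=y"; then
            _missing="$_missing $_opt"
        fi
    done
    [ -z "$_missing" ] && return 0
    printf '%s\n' $_missing
    return 1
}

# Usage: sh preflight.sh --check
if [ "${1:-}" = "--check" ]; then
    if ! cfg=$(read_kernel_config); then
        echo "kernel config not found; cannot verify options" >&2
        exit 2
    fi
    if bad=$(printf '%s\n' "$cfg" | missing_opts); then
        echo "kernel options OK: $REQUIRED_OPTS"
    else
        echo "missing kernel options:" $bad >&2
        exit 1
    fi
fi
```

Exit status 2 means the config could not be read, which is different from an option being absent; a stock distribution kernel normally passes.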
Installation Instructions
- Download the sysdig github repository to your local machine
- From the command line, navigate to the sysdig repository on your local machine
- Be connected to the internet (some downloading is required) and run the following commands:
mkdir build
cd build
cmake ..
make
make install
Note: Sysdig's build can get confused with GNU make's parallel job option (-j). If you are getting build errors with a -j# option try again without it.
This installs only sysdig and the chisels; the compiled kernel module (needed for live capture and built on Linux only) will stay in build/driver/scap.ko (which can be manually loaded with insmod).
If you want to install the driver in the current kernel modules directory, then use (as root):
make install_driver
Development Installation Instructions
Note: It is suggested to develop from within a non-critical virtualized environment
- Download the sysdig github repository to your local machine
- From the command line, navigate to the sysdig repository on your local machine
- Run the following commands to build, but do not install:
mkdir build
cd build
cmake ..
make
- Run sysdig from the following path as root {gitpath}/sysdig/build/userspace/sysdig
Development Kernel Module install/help
- scap.ko is located in {gitpath}/sysdig/driver
# Check if the sysdig kernel module is loaded
lsmod | grep scap
# Remove the sysdig kernel module
rmmod scap
# Load the sysdig kernel module
insmod scap.ko
Build options
To manually specify the installation target directory, use:
cmake -DCMAKE_INSTALL_PREFIX=/my/prefix ..
By default the make target will compile the kernel module as well. If you prefer to not do that (e.g. you're not interested in the live capture feature or you are making a package), then you can do:
cmake -DBUILD_DRIVER=OFF ..
By default the bundled version of LuaJIT will be built and linked statically. If you prefer to use the system one, then you can do:
cmake -DUSE_BUNDLED_LUAJIT=OFF ..
Or, if LuaJIT is installed in a non-standard path:
cmake -DUSE_BUNDLED_LUAJIT=OFF -DLUAJIT_PREFIX=/opt/superluajit ..
By default the bundled version of JsonCpp will be built and linked statically. If you prefer to use the system one, then you can do:
cmake -DUSE_BUNDLED_JSONCPP=OFF ..
Or, if JsonCpp is installed in a non-standard path:
cmake -DUSE_BUNDLED_JSONCPP=OFF -DJSONCPP_PREFIX=/opt/superjson ..
By default the bundled version of zlib will be built and linked statically. If you prefer to use the system one, then you can do:
cmake -DUSE_BUNDLED_ZLIB=OFF ..
Or, if zlib is installed in a non-standard path:
cmake -DUSE_BUNDLED_ZLIB=OFF -DZLIB_PREFIX=/opt/superzlib ..
By default the bundled version of ncurses will be built and linked statically. If you prefer to use the system one, then you can do:
cmake -DUSE_BUNDLED_NCURSES=OFF ..
If you plan on making changes to the sysdig code, it can be handy to compile everything in debug mode, so that assertions are enabled and can save you some time troubleshooting issues:
cmake -DCMAKE_BUILD_TYPE=Debug ..
This basic Vagrantfile will instantiate an Ubuntu 13.10 build environment, populating it with all necessary software requirements:
# -*- mode: ruby -*-
# vi: set ft=ruby :
Vagrant.configure(2) do |config|
  config.vm.box = "utopic64"
  # The following url might be different as the current version of ubuntu changes
  config.vm.box_url = "https://cloud-images.ubuntu.com/vagrant/trusty/current/trusty-server-cloudimg-amd64-vagrant-disk1.box"
  config.vm.provision "shell", inline: <<-SHELL
    sudo apt-get update
    sudo apt-get -y install linux-headers-$(uname -r) cmake g++ git
  SHELL
end
You may now proceed with 'Installation Instructions' in the Linux section above.
Requirements
- Windows 7 SP1 (x86 and x64) or higher
- Visual Studio Express 2015 for Windows Desktop (download page)
- cmake for Windows (download page)
Installation Instructions
- Download the sysdig github repository to your local machine
- Open a Developer Command Prompt and navigate to the sysdig repository on your local machine
- Run the commands below within the Developer Command Prompt from the sysdig root directory
Note: Developer Command Prompt normal location:
- "C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\Tools\Shortcuts"
cd path_to/git/sysdig/
md build
cd build
cmake -G "Visual Studio 14 Win64" ..
msbuild sysdig.sln /p:Configuration=Release
The previous steps compile sysdig as a 64bit executable. If you want to build a 32bit executable, replace the cmake command with
cmake -G"Visual Studio 14" ..
If you plan on making changes to the sysdig code, it can be handy to compile everything in debug mode, so that assertions are enabled and can save you some time troubleshooting issues:
msbuild sysdig.sln /p:Configuration=Debug
In addition, if you want to use the Visual Studio IDE then the following changes are suggested within settings:
- Default project: Make the project sysdig the StartUp Project
- Command: Change the Debugging / Command parameter to $(SolutionDir)$(Configuration)\$(TargetFileName)
- Working Directory: Change the Debugging / Working Directory parameter to $(SolutionDir)$(Configuration)\