Sysdig Documentation

Configure Sysdig Captures

Create a Capture File

To create a capture file:

  1. From the Explore module, select a host or container.

  2. Click the Settings (ellipsis) drop-down menu, and select Sysdig Capture. The Sysdig Capture pop-up window will open.

  3. Define the following parameters, and click the Start Capture button:

    Parameter: Description

    Capture path and name: The name of the capture file. The default name includes the date and time stamp the capture was created.

    Time frame: The period of time captured. The default time is 15 seconds; the maximum capture time available is 24 hours. The capture file size limit is 100MB.

      Note: Sysdig recommends using the default time to ensure captures are small and manageable.

    Filter: Restricts the amount of trace information collected. For more information, including examples of available filters, refer to the Sysdig GitHub page.

    Storage: The storage location for the capture files. The default storage location is the Sysdig Cloud Amazon S3 bucket. To configure a custom S3 storage bucket, refer to Configure AWS Capture File Storage.

The Sysdig agent will be signaled to start a capture, and send back the resulting trace file. The file will then be displayed in the Captures module.

Store a Capture File

Sysdig capture files are stored in Sysdig's AWS S3 storage (for SaaS environments), or in the Cassandra DB (for on-premises environments) by default. To configure a custom S3 storage bucket, refer to Configure a Custom S3 Capture Bucket.

Download a Capture File

To download a capture file:

  1. From the Captures module, navigate to the target capture file.

  2. Select the target capture file.

  3. Click the Download button. A capture file will be automatically downloaded to your local machine.

Delete Capture Files

To delete a single capture file:

  1. From the Captures module, select the capture file to be deleted.

  2. Click the Delete button at the bottom of the Captures module.

  3. On the Keep File prompt, click the Delete button to confirm, or the Keep File button to cancel.

To delete all capture files:

  1. From the Captures module, click the Delete All button.

  2. Click the Yes, Delete Captures button to confirm, or the Cancel button.