Configure Sysdig Captures

Create a Capture File

To create a capture file:

From the Explore module, select a host or container.
Click the Settings (ellipsis) drop-down menu, and select Sysdig Capture. The Sysdig Capture pop-up window will open.

Define the following parameters, and click the Start Capture button:

Parameter	Description
Capture path and name	The name of the capture file. The default name includes the date and time stamp the capture was created.
Time frame	The period of time captured. The default time is 15 seconds; the maximum capture time available is 24 hours. The capture file size limit is 100MB. Note Sysdig recommends using the default time to ensure captures are small and manageable.
Filter	Restricts the amount of trace information collected. For more information, including examples of available filters, refer to the Sysdig Github page.
Storage	The storage location for the capture files. The default storage location is the Sysdig Cloud Amazon S3 bucket. To configure a custom S3 storage bucket, refer to Configure AWS Capture File Storage.

The Sysdig agent will be signaled to start a capture, and send back the resulting trace file. The file will then be displayed in the Captures module.

Download a Capture File

To download a capture file:

From the Captures module, navigate to the target capture file.
Select the target capture file.
Click theDownloadbutton. A capture file will be automatically downloaded to your local machine.

Delete Capture Files

To delete a single capture file:

From the Captures module, select the capture file to be deleted.
Click the Delete button at the bottom of the Captures module:
On the Keep File prompt, click the Delete button to confirm, or the Keep File button to cancel.

To delete all capture files:

From the Captures module, click the Delete All button:
Click the Yes, Delete Captures button to confirm, or the Cancel button.