Contact Support

If troubleshooting and documentation haven’t helped, Contact Support.

Submit a Support Ticket

Provide essential details on your ticket for Sysdig support to help resolve your issues.

Ticket Details to Include

Add details in the Description box (see below for tips on what to enter):

Operating System:

Orchestrator:

Agent Version:


Company Name:

Operating System

Review Host Requirements for Agent Installation to confirm that your operating system is supported.

Submitting the output of uname -a and lsb_release -a will help Sysdig support determine if the kernel is supported.

If you have a custom kernel and the kernel development headers are not available, you will not be able to install our agent.

Also note if the Linux distribution used inside your application’s container is not the same as the host.

lsb_release is part of a software package called the LSB core, which is not necessarily installed on your system by default. If it is not installed, see https://wiki.itcollege.ee/index.php/Lsb_release.

Orchestrator Details

When using the Sysdig agent in an orchestration infrastructure (Kubernetes, GKE, Mesos, etc.), submit the details of how the infrastructure was installed.

For example:

  • Which Kubernetes version

  • The cloud provider being run under (AWS, GKE, etc.)

  • The number of nodes

  • The authentication method configured for the API server

Agent Version

To verify which agent version you are running, either:

  1. Use the following command:

    Non-Container agent:

    /opt/draios/bin/dragent --version
    

    Container agent:

    ~$ sudo docker exec -it <container_id> /opt/draios/bin/dragent --version
    

    or

  2. Check the Sysdig Monitor UI, by applying the Host & Containers > Sysdig Agent Summary view in the Explore tab.

Known issues may be resolved by upgrading to the latest agent version.

Adding Files

If basic ticket information is insufficient to resolve the issue, a Sysdig support engineer may ask you to upload additional log files or support bundles.

The following sections describe how to collect and deliver them to Sysdig support.

File Upload Tips

  • Attach files rather than cutting/pasting logs or config files into the email body. Important formatting will be preserved.

  • Compress large files before attaching. Files over 20MB will require Sysdig support to supply you with a download link.

  • Include the host name the files came from.

Add files as applicable:

1 - Add Agent Files

Sysdig support may request additional files related to the agents.

After generating the files, add them to the Support ticket you created. Review the file upload tips on that page.

Debug the Agent Start Command or Manifest File

Many agent connection problems are due to transcription errors in the agent start command or manifest files.

This is especially true with truncated access keys and when using the Additional_Conf parameter in a container agent installation. Always cut and paste and then modify the Sysdig example commands or manifest files.

The docker start and native agent run commands are available in the Settings > Agent Installation tab of the user interface.

If you are not an Admin-level user, you will not see the installation tab. In this case, request the instructions from the admin.

  • Try running the agent from the command line using the ‘docker start’ or curl command.

    1. Ensure that you have the agent container ID.

      $ docker ps -a
      
    2. Stop the container.

      $ docker stop <container_id>
      
    3. Debug the container. To do so, create a directory and copy log files to that directory.

      $ mkdir test_log
      $ docker cp sysdig-agent:/opt/draios/logs ./test_log/
      
    4. Once debugging is complete, start the agent container.

      $ docker start <container_id>
      
  • Send in the command used and initial agent output.

  • Tip: if using docker start to debug the agent live, remove the ‘-d’ option so the output will display on the console.

Sysdig Agent Configuration File and Logs

It’s helpful to attach the config file and latest log to your support request if you see metrics not reporting or have agent connection issues. Since the agent logs critical startup information when initializing, restarting the agent and then collecting the logs is desirable.

For a container agent you can use:

docker restart sysdig-agent

For a native Linux service agent use:

service dragent restart

The Sysdig agent reads the user-settings configuration file /opt/draios/etc/dragent.yaml. It generates log entries in /opt/draios/logs/draios.log.

The agent will rotate out the log file when it reaches 10MB in size, keeping the 10 most recent log files archived with a date-stamp appended to the filename.

Include the host name that the files came from.

Debug log level available

Docker Commands

To copy the configuration file and most recent log file out of an agent running in a container use these Docker commands:

docker cp sysdig-agent:/opt/draios/logs/draios.log  ./draios.log
docker cp sysdig-agent:/opt/draios/etc/dragent.yaml ./dragent.yaml

Kubernetes Commands

To get the dragent.yaml config information, run the command:

kubectl -n NAMESPACE describe configmap sysdig-agent > configmap.out

To get the log files, run the command:

kubectl -n NAMESPACE cp sysdig-agent-AGENT_ID:/opt/draios/logs/. .

The above command will grab ALL the log files (including the rollovers) and place them in the directory where the command was run.

Kubernetes: Check for Delegated Agents

With agents deployed in a Kubernetes environment, it can be useful to know which agents are “delegated” to poll the Kubernetes API server.

To do this, you must generate agent log files (see above) and search for ‘delegated’.

Logs are stored in /opt/draios/logs/draios.log.

  • For agent versions 0.77.0 or later: you will see log entries stating whether your agent is/is not the delegated node and the exact address of the delegated node.

    Search for the string “Delegated”.

  • For agents before version 0.77.0: issue the command:

    kubectl get nodes
    

    By default, the top two addresses automatically became delegated polling agents.

  • Alternatively, enabling debug mode in agent versions 0.64.0 and beyond will show the node list in any agent logs as well.

Docker Swarm: Find the Docker Swarm Master

When using a Sysdig agent inside a Docker Swarm, metadata (information about inventory, labels, etc.) is collected from the Docker Swarm masters.

Effort should be made to collect the logs from the masters, and more specifically the “leader” when a problem with Docker Swarm inventory is suspected.

To determine which Docker Swarm nodes are masters and leaders:

  1. Run the command:

    docker node ls
    

    Example:

    $ docker node ls
    ID                        HOSTNAME  STATUS  AVAILABILITY  MANAGER STATUS
    789sgbfdbtcdtn9npbnkuz    worker1   Ready   Active
    76avknaakzbvmwlnh5jr3g *  manager1  Ready   Active        Leader
    
  2. Under the Manager Status column, you can note which node is the “Leader”.

2 - Add Browser Files

Sysdig support may request additional files related to the browser.

After generating the files, add them to the Support ticket you created. Review the file upload tips on that page.

Submit a Web Browser Log Using HAR Files

Use a HAR file to log a web browser’s interaction with Sysdig Monitor or Sysdig Secure.

When debugging issues (particularly for On-Premises installations) you may be asked to provide a HAR file to Sysdig Support to help isolate the root cause of an issue.

NOTE: HAR files contain sensitive information from your browser session while recording, such as the content of the pages you downloaded, cookies, or other personal details.
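Because of the sensitive content described in the NOTE above, a capture can be scrubbed before it is attached to a ticket. The following is an added example, not part of Sysdig's documentation or tooling: it redacts credential-bearing values from a HAR 1.2 file loaded as a dict. The header list, function names, and sample capture are assumptions constructed for illustration.

```python
import copy

# Header names whose values carry credentials (assumed list; extend as needed).
SENSITIVE_HEADERS = {"authorization", "cookie", "set-cookie", "x-auth-token"}
REDACTED = "[REDACTED]"


def _scrub_pairs(pairs, names=None):
    """Redact values in a HAR name/value list; return how many were changed."""
    hits = [p for p in pairs or [] if names is None or p.get("name", "").lower() in names]
    for p in hits:
        p["value"] = REDACTED
    return len(hits)


def sanitize_har(har):
    """Return (redacted copy of a HAR 1.2 dict, number of values redacted)."""
    clean = copy.deepcopy(har)  # never modify the original capture
    redacted = 0
    for entry in clean.get("log", {}).get("entries", []):
        for msg in (entry.get("request", {}), entry.get("response", {})):
            redacted += _scrub_pairs(msg.get("headers"), SENSITIVE_HEADERS)
            redacted += _scrub_pairs(msg.get("cookies"))  # every cookie value
        post = entry.get("request", {}).get("postData")
        if post and post.get("text"):
            post["text"] = REDACTED  # request bodies may hold passwords or tokens
            redacted += 1
    return clean, redacted


# Constructed sample capture (not real session data; hostname is a placeholder).
SAMPLE_HAR = {"log": {"version": "1.2", "entries": [{
    "request": {
        "method": "POST", "url": "https://monitor.example.com/api/login",
        "headers": [{"name": "Authorization", "value": "Bearer abc123"},
                    {"name": "Accept", "value": "application/json"}],
        "cookies": [{"name": "session", "value": "s3cr3t"}],
        "postData": {"mimeType": "application/json", "text": '{"password": "x"}'}},
    "response": {
        "status": 200, "headers": [{"name": "Set-Cookie", "value": "session=s3cr3t"}],
        "cookies": [{"name": "session", "value": "s3cr3t"}],
        "content": {"mimeType": "application/json", "text": "{}"}},
}]}}

if __name__ == "__main__":
    cleaned, n = sanitize_har(SAMPLE_HAR)
    print(f"redacted {n} values; request headers now: {cleaned['log']['entries'][0]['request']['headers']}")
```

Response bodies, URLs, and query strings are left intact so the capture stays useful for debugging; review those by hand before uploading.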

See below for browser-specific steps to gathering HAR files.

Chrome

Record your session using the Network tab in the Developer Tools in Chrome. Follow the steps 1-6 below to prepare for recording and steps 7-9 to record your problematic operation.

  1. Log in to Sysdig Monitor and navigate to a page where you are experiencing an issue

  2. Open the Developer Tools from the Chrome menu (Menu > More Tools > Developer tools)

  3. Click on the Network tab

  4. Look for a round button at the top left of the Network tab. Make sure it is red. If it is grey, click it once to start recording.

  5. Make sure the box next to “Preserve log” is unchecked and next to “Disable cache” is checked

  6. In the main browser window, refresh the page in the Sysdig Monitor application

  7. Reproduce your issue in as few steps as possible

  8. Click the red Record button to stop the recording.

  9. Save the capture by right-clicking anywhere on the grid and choosing “Save All as HAR with Content”

  10. Close Developer Tools by pressing the close button in the upper-right of the console

Firefox

Record your HTTP session using the Network option in the Developer Tools in Firefox. Follow the steps 1-4 below to prepare for recording and steps 5-6 to record your problematic operation.

  1. Log in to Sysdig Monitor and navigate to a page where you are experiencing an issue

  2. Open the Developer Tools from the menu in the upper-right of your Firefox window

  3. Click on Network in the Developer menu

  4. In the main browser window, refresh the page in the Sysdig Monitor application

  5. Reproduce your issue in as few steps as possible

  6. Save the capture by right-clicking anywhere on the grid and choosing “Save All As HAR”

  7. Close Developer Tools by pressing the close button in the upper-right of the console

Other Browsers

Chrome and Firefox are the only browsers for which Sysdig currently provides steps for gathering HAR file data. If you have an issue that requires reproducing with a different browser, contact Sysdig Support.

3 - Add Backend Files (On-Premises Only)

A support request for an on-premises installation may include support bundle files and application logs.

The Kubernetes orchestrator has facilities to create useful support bundle files. Create a bundle file using the appropriate section below and send it to Sysdig Support for suspected backend problems.

After generating the files, add them to the Support ticket you created. Review the file upload tips on that page.

For a Kubernetes Installation

If you are running the Sysdig Platform on-premises Kubernetes version, generate the application support bundle via a script that is provided in the Sysdig GitHub repository.

Supply the script with the namespace, and optionally the context where Sysdig is deployed, and it will generate a tarball with backend logs and configuration information.

./scripts/get_support_bundle.sh -n sysdigcloud

The version of the Sysdig Application is visible in the application’s container image files:

kubectl -n sysdigcloud get deployment sysdigcloud-api | grep sysdigcloud-backend