Contact Support
If troubleshooting and documentation haven’t helped, Contact
Support .
Submit a Support Ticket
Provide essential details on your
ticket for Sysdig support
to help resolve your issues.
Ticket Details to Include
Add details in the Description box (see below for tips on what to
enter):
Operating System:
Orchestrator:
Agent Version:
Company Name:
Operating System
Review Host Requirements for Agent
Installation to confirm
that your operating system is supported.
Submitting the output of uname -a and lsb_release -a will help
Sysdig support determine if the kernel is supported.
If you have a custom kernel and the kernel development headers are not
available, you will not be able to install our agent.
Also note if the Linux distribution used inside your application’s
container is not the same as the host.
Orchestrator Details
When using the Sysdig agent in an orchestration infrastructure
(Kubernetes, GKE, Mesos, etc.), submit the details of how the the
infrastructure was installed.
For example:
Which Kubernetes version
The cloud provider being run under (AWS, GKE, etc)
The number of nodes
The authentication method configured for the API server
Agent Version
To verify which agent version you are running, either:
Use the following command:
Non-Container agent:
/opt/draios/bin/dragent --version
Container agent:
~$ sudo docker exec -it <container_id> /opt/draios/bin/dragent --version
or
Check the Sysdig Monitor UI, by applying the
Host & Containers > Sysdig Agent Summary view in the Explore
tab.
Known issues may be resolved by upgrading to the latest agent version.
Adding Files
If basic ticket information is insufficient to resolve the issue, a
Sysdig support engineer may ask you to upload additional log files or
support bundles.
The following sections describe how to collect and deliver them to
Sysdig support.
File Upload Tips
Attach files rather than cutting/pasting logs or config files
into the email body. Important formatting will be preserved.
Compress large files before attaching. Files over 20MB will
require Sysdig support to supply you with a download link.
Include the host name the files came from.
Add files as applicable:
1 - Add Agent Files
Sysdig support may request additional files related to the agents.
After generating the files, add them to the Support ticket you
created. Review the file
upload tips on that page.
Debug the Agent Start Command or Manifest File
Many agent connection problems are due to transcription errors in the
agent start command or manifest files.
This is especially true with truncated access keys and when using the
Additional_Conf parameter
in a container agent installation. Always cut and paste and then modify
the Sysdig example commands or manifest files.
The docker start and native agent run commands are available in the
Settings > Agent Installation tab of the user interface.
If you are not an Admin level user you will not see the installation
tab, in this case, please request the instructions from the admin.
Try running the agent from the command line using the
‘docker start’ or curl command.
Ensure that you have the agent container ID.
Stop the container.
$ docker stop <container_id>
Debug the container. To do so, create a directory and copy log
files to that directory.
$ mkdir test_log
$ docker cp sysdig-agent:/opt/draios/logs ./test_log/
Once debugging is complete, start the agent container.
$ docker start <container_id>
Send in the command used and initial agent output.
Tip: if using docker start to debug the agent live, remove the
‘-d' option so the output will display on the console.
Sysdig Agent Configuration File and Logs
It’s helpful to attach the config file and latest log to your support
request if you see metrics not reporting or have agent connection
issues. Since the agent logs critical startup information when
initializing, restarting the agent and then collecting the logs is
desirable. For a container agent you can use:
docker restart sysdig-agent For a native Linux service agent use:
service dragent restart.
The Sysdig agent reads the user-settings configuration file
/opt/draios/etc/dragent.yaml. It generates log entries in
/opt/draios/logs/draios.log .
The agent will rotate out the log file when it reaches 10MB in size
keeping the 10 most recent log files archived with a date-stamp appended
to the filename.
Include the host name that the files came from.
Debug log level available
Docker Commands
To copy the configuration file and most recent log file out of an agent
running in a container use these Docker commands:
docker cp sysdig-agent:/opt/draios/logs/draios.log ./draios.log
docker cp sysdig-agent:/opt/draios/etc/dragent.yaml ./dragent.yaml
Kubernetes Commands
To get the dragent.yaml config information, run the command:
kubectl -n NAMESPACE describe configmap sysdig-agent > configmap.out
To get the log files, run the command:
kubectl -n NAMESPACE cp sysdig-agent-AGENT_ID:/opt/draios/logs/. .
The above command will grab ALL the log files (including the rollovers)
and place them in the directory where the command was run.
Kubernetes: Check for Delegated Agents
With agents deployed in a Kubernetes environment, it can be useful
to know which agents are “delegated” to poll the Kubernetes API server.
To do this, you must generate agent log files (see above) and search for
‘delegated’.
Logs are stored in /opt/draios/logs/draios.log.
For agent versions 0.77.0 or later: you will see log entries
stating whether your agent is/is not the delegated node and the
exact address of the delegated node.
Search for the string “Delegated’.
For agents before version 0.77.0: issue the command:
By default, the top two addresses automatically became delegated
polling agents.
Alternatively, enabling debug
mode in agent versions
0.64.0 and beyond will show the node list in any agent logs as well.
Docker Swarm: Find the Docker Swarm Master
When using a Sysdig agent inside a Docker Swarm, metadata (information
about inventory, labels, ext..) is collected from the Docker Swarm
masters.
Effort should be made to collect the logs from the masters, and more
specifically the “leader” when a problem with Docker Swarm inventory is
suspected.
To determine which Docker Swarm nodes are masters and leaders:
Run the command:
Example:
$ docker node ls
ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS
789sgbfdbtcdtn9npbnkuz worker1 Ready Active
76avknaakzbvmwlnh5jr3g * manager1 Ready Active Leader
Under the Manager Status column, you can note which node is the
“Leader”.
2 - Add Browser Files
Sysdig support may request additional files related to the browser.
After generating the files, add them to the Support ticket you
created. Review the file
upload tips on that page.
Submit a Web Browser Log Using HAR Files
Use a HAR file to log a web
browser’s interaction with Sysdig Monitor or Sysdig Secure.
When debugging issues (particularly for
On-Premises installations)
you may be asked to provide a HAR file to Sysdig Support to help isolate
the root cause of an issue.
NOTE: HAR files contain sensitive information from your browser
session while recording, such as the content of the pages you
downloaded, cookies, or other personal details.
See below for browser-specific steps to gathering HAR files.
Chrome
Record your session using the Network tab in the Developer Tools in
Chrome. Follow the steps 1-6 below to prepare for recording and steps
7-9 to record your problematic operation.
Login to Sysdig Monitor and navigate to a page where you are
experiencing an issue
Open the Developer Tools from the Chrome menu (Menu > More
Tools > Developer tools)
Click on the Network tab
Look for a round button at the top left of the Network tab. Make
sure it is red. If it is grey, click it once to start recording.
Make sure the box next to “Preserve log” is unchecked and next to
“Disable cache” is checked
In the main browser window, refresh the page in the Sysdig Monitor
application
Reproduce your issue in as few steps as possible
Click the red Record button to stop the recording.
Save the capture by right-clicking anywhere within the on the grid
and choosing “Save All as HAR with Content”
Close Developer Tools by pressing the in the upper-right of the
console
Firefox
Record your HTTP session using the Network option in the Developer
Tools in Firefox. Follow the steps 1-4 below to prepare for recording
and steps 5-6 to record your problematic operation.
Login to Sysdig Monitor and navigate to a page where you are
experiencing an issue
Open the Developer Tools from the menu in the upper-right of your
Firefox window
Click on Network in the Developer menu
In the main browser window, refresh the page in the Sysdig Monitor
application
Reproduce your issue in as few steps as possible
Save the capture by right-clicking anywhere within the on the grid
and choosing “Save All As HAR”
Close Developer Tools by pressing the in the upper-right of the
console
Other Browsers
Chrome and Firefox are the only browsers for which Sysdig currently
provides steps for gathering HAR file data. If you have an issue that
requires reproducing with a different browser, contact Sysdig Support.
3 - Add Backend Files (On-Premises Only)
A support request for an on-premises installation may include support
bundle files and application logs.
The Kubernetes orchestrator has facilities to create
useful support bundle files. Create a bundle file using the appropriate
section below and send it to Sysdig Support for suspected backend
problems.
After generating the files, add them to the Support ticket you created. Review the file
upload tips on that page.
For a Kubernetes Installation
If you are running the Sysdig Platform on-premises Kubernetes version,
generate the application support bundle via a script that is provided in
the Sysdig GitHub repository
Supply the script with the namespace, and optionally the context
where Sysdig is deployed, and it will generate a tarball with backend
logs and configuration information.
./scripts/get_support_bundle.sh -n sysdigcloud
The version of the Sysdig Application is visible in the application’s
container image files:
kubectl -n sysdigcloud get deployment sysdigcloud-api | grep sysdigcloud-backend