Configuration Library
Generic Configuration
Configuration | dragent.yaml | Helm | Description | Default and Example |
Cluster | k8s_cluster_name | global.clusterConfig.name | Identifier for the Kubernetes cluster where you install the agent. For more information, see Agent Configuration. | For example, |
Access Key | customerid | global.sysdig.accessKey | See Sysdig Agent Access Keys to learn how to retrieve the agent keys. | |
Secret | N/A | global.sysdig.accessKeySecret | The name of a Kubernetes secret containing an access-key entry. | |
Region | N/A | global.sysdig.region | The SaaS region where the agent is installed. Possible values include: | us1 |
Global Tags | tags | global.sysdig.tags | Sets the global tags which can override agent tags. See Quick Install Sysdig Agent for more information | |
Agent Tags | tags | The list of tags to identify the host where the agent is installed. For example: role:webserver, location:europe, role:webserver. See Quick Install Sysdig Agent for more information. | ||
Proxy | http_proxy | global.proxy.httpProxy | Allows the agent to communicate with Sysdig collector through a | |
HTTP Proxy Host | http_proxy.proxy_host | The host IP of the proxy server. | ||
HTTP Proxy Port | http_proxy.proxy_port | See Enable HTTP Proxy for Agents for more information. | ||
http_proxy.proxy_user | See Enable HTTP Proxy for Agents for more information. | |||
http_proxy.proxy_password | See Enable HTTP Proxy for Agents for more information. | |||
http_proxy.ssl | See Enable HTTP Proxy for Agents for more information. | |||
http_proxy.ssl_verify_certificate | See Enable HTTP Proxy for Agents for more information. | |||
http_proxy.ca_certificate | See Enable HTTP Proxy for Agents for more information. | |||
Collector | collectorSettings.collectorHost | Enter the hostname or IP address of the Sysdig collector service. Note that when used within See On-Premises Installation for more information. | ||
Collector Port | On-prem only. The port used by the Sysdig collector service. | 6443 | ||
eBPF | N/A | ebpf.enabled | Set to | The default is |
N/A | ebpf.kind | Set to | ||
FIPS mode | fips_mode | Optional. Set to | The default is | |
OpenSSL Library Location | openssl_lib | Version 12.16.x: Required when Version 12.17.0 and newer: Optional. Path to the directory containing user-provided OpenSSL v3.1 shared library files, ( | By default, the agent uses bundled OpenSSL shared libraries. |
Monitor-Specific Configuration
Configuration | dragent.yaml | Helm | Description | Default and Example |
StatsD | statsd | Controls StatsD metric collection. | enabled | |
| See StatsD for more information. | |||
| See StatsD for more information. | |||
| See StatsD for more information. | |||
| The | By default, the agent includes a statsd server that listens on the loopback interface (127.0.0.1) for incoming statsd messages, which does not allow accepting messages originating from remote hosts. Use the | ||
Events |
| Controls Event Collection metric collection. |
| |
| ||||
Log |
| Allows you to configure log levels metric collection. | ||
| ||||
| ||||
Prometheus |
| Controls Prometheus Native Service Discovery. | ||
JMX |
| Controls JMX metrics collection. | ||
App Checks |
| Controls monitoring capabilities using App Checks. | ||
KSM |
| Enable and disable Kube State Metrics collection. | enabled | |
Go Events | go_k8s_user_events | Streamline Sysdig agent processing times and reduce CPU load. | true | |
Agent Console |
| Enable Agent Console to interact with the Sysdig agent to troubleshoot and investigate agent configuration problems quickly. | enabled | |
Secure-Specific Configuration
Configure Falco Rule Matching Strategy
Prerequisites: Sysdig agent v.12.18+
From Sysdig agent v12.18.0+, the agent evaluates an event against all the rules, potentially triggering multiple alerts. In previous versions, the agent stopped evaluating rules after the first match.
To control this behavior, a new option has been added to dragent.yaml: security.falco_match_strategy

    security:
      falco_match_strategy: all

To evaluate all rules for every event, set it to all. This is the default option.
To stop evaluation after the first match, set it to first.
Report Actions in Kubernetes Events
For a full description of the feature, see Threat Detection Policies.
Prerequisites
Sysdig agent v.12.18+
Permissions
Helm: If you deploy the agent using Helm, the permissions to enable create and patch actions for events on all APIs are automatically granted.
Manual: If you deploy manually, you must set up a Kubernetes cluster role with those permissions enabled.
Example without cluster role binding:

    apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRole
    metadata:
      name: sysdig-agent
    rules:
      - apiGroups:
          - ""
        resources:
          - events
        verbs:
          - create
          - patch

Example with cluster role binding:

    apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRole
    metadata:
      name: sysdig-agent
    rules:
      - apiGroups:
          - ""
        resources:
          - events
        verbs:
          - create
          - patch
    ---
    apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRoleBinding
    metadata:
      name: sysdig-agent
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: ClusterRole
      name: sysdig-agent
    subjects:
      - kind: ServiceAccount
        name: sysdig-agent
        namespace: sysdig-agent
    ---
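An added example, not part of the Sysdig documentation: a Python check that a manual RBAC setup like the one above really gives the agent's service account create and patch on core-group events, and that flags wildcard grants in the bound role. It assumes the JSON shape returned by `kubectl get clusterrole,clusterrolebinding -o json`; the sample input is constructed from the page's manifests, and the function names are hypothetical.

```python
import json

REQUIRED_VERBS = {"create", "patch"}  # verbs the page lists for events

# Constructed sample: the page's two manifests as a JSON List (assumed kubectl output shape).
SAMPLE = json.loads("""
{"kind": "List", "items": [
 {"kind": "ClusterRole", "metadata": {"name": "sysdig-agent"},
  "rules": [{"apiGroups": [""], "resources": ["events"], "verbs": ["create", "patch"]}]},
 {"kind": "ClusterRoleBinding", "metadata": {"name": "sysdig-agent"},
  "roleRef": {"apiGroup": "rbac.authorization.k8s.io", "kind": "ClusterRole", "name": "sysdig-agent"},
  "subjects": [{"kind": "ServiceAccount", "name": "sysdig-agent", "namespace": "sysdig-agent"}]}
]}
""")

def bound_roles(items, sa_name, sa_namespace):
    """Names of ClusterRoles bound to the service account via ClusterRoleBindings."""
    subject = ("ServiceAccount", sa_name, sa_namespace)
    roles = set()
    for obj in items:
        if obj.get("kind") != "ClusterRoleBinding":
            continue
        ref = obj.get("roleRef", {})
        for s in obj.get("subjects") or []:
            found = (s.get("kind"), s.get("name"), s.get("namespace"))
            if ref.get("kind") == "ClusterRole" and found == subject:
                roles.add(ref["name"])
    return roles

def audit_event_rbac(doc, sa_name="sysdig-agent", sa_namespace="sysdig-agent"):
    """Return (missing_verbs, roles_with_wildcards) for events in the core API group."""
    items = doc.get("items", [])
    roles = bound_roles(items, sa_name, sa_namespace)
    granted, wildcards = set(), []
    for obj in items:
        name = obj.get("metadata", {}).get("name")
        if obj.get("kind") != "ClusterRole" or name not in roles:
            continue
        for rule in obj.get("rules") or []:
            groups, res, verbs = (set(rule.get(k) or []) for k in ("apiGroups", "resources", "verbs"))
            if "*" in groups | res | verbs:
                wildcards.append(name)  # broader than the page's manifest requires
            if groups & {"", "*"} and res & {"events", "*"}:
                granted |= REQUIRED_VERBS if "*" in verbs else verbs & REQUIRED_VERBS
    return sorted(REQUIRED_VERBS - granted), wildcards

if __name__ == "__main__":
    print(audit_event_rbac(SAMPLE))
```

An empty first list means both verbs are granted through a binding; a ClusterRole that exists but is never bound to the service account reports both verbs as missing.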