Configure Agent Modes

Agent modes provide the ability to control metric collection to fit your scale and specific requirement. You can choose one of the following modes to do so:

• Monitor

• Monitor Light

• Troubleshooting

• Secure

• Secure Light

• Custom Metrics Only

Using the appropriate mode for a specific environment can reduce the amount of resources (cpu and memory) that the agent consumes by avoiding unnecessary work.

Monitor

The Monitor mode offers an extensive collection of metrics. We recommend this mode to monitor enterprise environments.

monitor is the default mode if you are running the Enterprise tier. To switch back to the Monitor mode from a different mode, do one of the following:

• Add the following to the dragent.yaml file and restart the agent:

  feature:
    mode: monitor
  

• Remove the parameter related to the existing mode from the dragent.yaml file and restart the agent. For example, to switch from troubleshooting mode to monitor, delete the following lines:

  feature:
    mode: troubleshooting
  

Monitor Light

Monitor Light caters to the users that run agents in a resource-restrictive environment, or to those who are interested only in a limited set of metrics.

Monitor Light provides CPU, Memory, File, File system, and Network metrics. For more information, see Metrics Available in Monitor Light.

Enable Monitor Light Mode

To switch to the Monitor Light mode, edit the dragent.yaml file:

1. Open the dragent.yaml file.

2. Add the following configuration parameter:

   feature:
     mode: monitor_light
   

3. Restart the agent.

Troubleshooting

Troubleshooting mode offers sophisticated metrics with detailed diagnostic capabilities. Some of these metrics are heuristic in nature.

In addition to the extensive metrics available in the Monitor mode, Troubleshooting mode provides additional metrics such as net.sql and additional segmentation for file and network metrics. For more information, see Additional Metrics Values Available in Troubleshooting.

Enable Troubleshooting Mode

To switch to the Troubleshooting mode, edit the dragent.yaml file:

1. Open the dragent.yaml file.

2. Add the following configuration parameter:

   feature:
     mode: troubleshooting
   

3. Restart the agent.

Secure

The secure mode supports only Sysdig Secure features.

Sysdig agent collects no metrics in the secure mode, which, in turn, minimizes network consumption and storage requirement in the Sysdig backend. Lower resource usage can help reduce costs and improve performance.

In the Secure mode, the Monitor UI shows no data because no metrics are sent to the collector.

This feature requires agent v10.5.0 or above.

Enable Secure Mode

1. Open the dragent.yaml file.

2. Add the following:

   feature:
     mode: secure
   

3. Restart the agent.

Secure Light

The secure light mode supports only the following Sysdig Secure features:

• Runtime Policies
• Activity Audit (only executed commands)
• Captures

Sysdig agent running in secure_light mode consumes fewer resources than that of running in the secure mode.

This feature requires agent v12.10.0 or above.

Enable Secure Light

1. Open the dragent.yaml file.

2. Add the following:

   feature:
     mode: secure_light
   

3. Restart the agent.

Custom Metrics Only Mode

Custom Metrics Only mode collects the same metrics as the Monitor Light mode, but also adds the ability to collect the following:

• Custom Metrics: StatsD, JMX, App Checks, and Prometheus
• Kubernetes State Metrics

As such, Custom Metrics Only mode is suitable if would like to use most of the features of Monitor mode but are limited in resources.

This mode is not compatible with Secure. If your account is configured for Secure, you must explicitly disable Secure in the agent configuration if you wish to use this mode.

This mode requires agent v12.4.0 or above.

Enable Custom Metrics Only Mode

1. Open the dragent.yaml file.

2. Add the following configuration parameter:

   feature:
     mode: custom-metrics-only
   

3. If your account is enabled for Secure, add the following:

   security:
     enabled: false
   secure_audit_streams:
     enabled: false
   falcobaseline:
     enabled: false
   

   This configuration explicitly disables the Secure features in the agent. If you do not disable Secure, the agent will not start due to incompatiblity issues.

4. Restart the agent.