Sysdig Agent Release Notes
13.0.1 March 11, 2024
This hotfix fixed an issue where the Sysdig Agent could retain allocated UDP ports until reaching port saturation, occurring under specific combinations of the driver used and enabled features.
13.0.0 March 06, 2024
We strongly recommend you to skip v13.0.0 and upgrade to Sysdig Agent v13.0.1. See Breaking Changes for more information.
Feature Enhancements
Updated Docker Image to UBI9
Sysdig Agent’s Universal Base Image has been upgraded from UBI8 to UBI9.
Added Agent Health Metrics in secure_light Mode
Added the following health metrics when the agent is running in secure_light
mode:
sysdig_agent_analyzer_num_evts
sysdig_agent_analyzer_dropped_evts
Support for TLS and Basic Authentication in Agent Prometheus Exporter
Agent Prometheus Exporter now supports TLS and basic authentications.
Ability to Collect Subattributes from JMX metrics
Added ability to collect individual subattributes from CompositeData JMX metrics.
Availability of Promscrape in ARM64 in FIPS Mode
Sysdig Agent now includes FIPS-mode promscrape binary previously missing for ARM platforms.
Kill Process in Workload
In Threat Detection Policies, Workload and List Matching policies can now be configured to kill the event-triggering process. For details, see Workload.
Breaking Changes
As part of Sysdig Agent 13.0.0 release, and as anticipated in the release notes for the 12.20.0, Sysdig dropped the support for:
- logwatcher
- RHEL6 and CentOS6
All Sysdig users affected by these changes have been notified. If you haven’t received any communication from Sysdig, it means there is no impact on your usage.
Defect Fixes
Updated ssl_shim
Configuration
The ssl_shim
configuration has been changed to fix an issue where openssl.cnf
bundled with the agent expected ssl_shim
to select the FIPS or non-FIPS providers at startup time. This configuration broke other programs that are dynamically linked against OpenSSL v3.
Added a openssl_conf
configuration flag to allow users to specify a custom openssl.cnf
file for use with the agent. To include custom OpenSSL v3 library, you need to set the custom openssl_conf
and your library path. This configuration is required when openssl_lib
points the agent to a custom OpenSSL v3.x library. See openssl_lib for more information.
Support for Universal eBPF on 1-vcore Machines
Universal eBPF is now supported on 1-vcore machines.
Scoping Events to Containers on Specific Kubernetes Clusters
The host scope resolution now works correctly when additional scope predicates are specified along with the standard contauner_id=""
. For example, contauner_id=""
and kubernetes.cluster.name=my_cluster
Fixed Misleading Collector Reconnection Attempts Logs
Fixed an issue where agent report a large number of logs with “No further retries left for attach to container”.
12.20.0 January 31, 2024
Feature Enhancements
Removed the sysdig_secure.enabled
Tag
Removed the hardcoded sysdig_secure.enabled
tag generated when runtime detection is enabled using the following configuration:
security:
enabled: true
Use the agent_secure_enabled
label in the sysdig_agent_info
metric instead to check if runtime detection is enabled.
Enhanced Kernel Sampling Ratio to Handle High Event Loads
The activation logic of the kernel sampling ratio has been improved. You may notice a change in sampling ratio metrics behavior after upgrading to v12.20.0. This behavior is intentional and indicative of a healthy system response.
The sampling ratio is a key tool for the agent to regulate performance during high workloads. Monitoring these metrics gives valuable insights into the overall health of the agent. Version 12.20.0 brings the improvement to optimize the agent’s adaptability to high event loads.
Support for Container Actions and Captures
Sysdig agent supports the following new actions in Container Drift policies and Malware policies:
- The ability to create capture files
- The ability to Kill/Pause/Stop a container
Malware policies are currently in Controlled Availability. Contact Sysdig Support for access to the Malware feature.
Defect Fixes
Updating Kernel No Longer Results in DKMS Failure
Fixed an issue where updating the kernel resulted in Dynamic Kernel Module Support(DKMS) failure in host installations with kmod.
Additional Log Lines No Longer Appear After Agent Update
Fixed an issue where policy events with associated actions could cause a significant increase in the number of lines logged.
Deprecation Notice
In the upcoming agent release, Sysdig will deprecate the support for logwatcher, RHEL6, and CentOS6.
2023 Archive
2023 Archive of Sysdig Agent release notes.
2022 Archive
2022 Archive of Sysdig Agent release notes.
2021 Archive
2021 Archive of Sysdig Agent release notes.
2020 Archive
2020 Archive of Sysdig Agent release notes.
2019 Archive
2019 Archive of Sysdig Agent release notes.
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.