There are three primary types of events displayed in the Sysdig Monitor Events feed: alert events, infrastructure events, Sysdig events, and custom events.
Alert Events
Alert events are triggered by user-configured alerts. For more information on configuring alerts, refer to the Sysdig Monitor Alerts documentation.
Sysdig Events
The event type Sysdig identifies internal events which might contain useful information. One example is failing notiifcations. For more information, see Notification Failures.
Infrastructure Events
Events can be collected from supported services within the production
environment. The Sysdig agent automatically discovers these services and
is configured to collect event data for a select group of events by
default. Additional events can be added to the list by configuring the
dragent.yaml file.
Sysdig currently supports event monitoring for the following infrastructure services:
Events marked with * are enabled by default. For more information on
configuring additional infrastructure events, refer to the
Enable/Disable Event Data.
Docker Events
The following Docker events are supported.
docker:
container:
- attach # Container Attached (information)
- commit # Container Committed (information)
- copy # Container Copied (information)
- create # Container Created (information)
- destroy # Container Destroyed (warning)
- die # Container Died (warning)
- exec_create # Container Exec Created (information)
- exec_start # Container Exec Started (information)
- export # Container Exported (information)
- kill # Container Killed (warning)
- oom # Container Out of Memory (warning)
- pause # Container Paused (information)
- rename # Container Renamed (information)
- resize # Container Resized (information)
- restart # Container Restarted (warning)
- start # Container Started (information)
- stop # Container Stopped (information)
- top # Container Top (information)
- unpause # Container Unpaused (information)
- update # Container Updated (information)
image:
- delete # Image Deleted (information)
- import # Image Imported (information)
- pull # Image Pulled (information)
- push # Image Pushed (information)
- tag # Image Tagged (information)
- untag # Image Untaged (information)
volume:
- create # Volume Created (information)
- mount # Volume Mounted (information)
- unmount # Volume Unmounted (information)
- destroy # Volume Destroyed (information)
network:
- create # Network Created (information)
- connect # Network Connected (information)
- disconnect # Network Disconnected (information)
- destroy # Network Destroyed (information)
ContainerD Events
The following ContainerD events are supported.
containerd:
container:
- create # Container created (information)
- exit # Container exited (information)
- die # Container exited with an error (warning)*
- oom # Container out of memory (warning)*
image:
- create # Image created (information)
- update # Image updated (information)
- delete # Image deleted (information)
Kubernetes Events
The following Kubernetes events are supported.
kubernetes:
node:
- TerminatedAllPods # Terminated All Pods (information)
- RegisteredNode # Node Registered (information)*
- RemovingNode # Removing Node (information)*
- DeletingNode # Deleting Node (information)*
- DeletingAllPods # Deleting All Pods (information)
- TerminatingEvictedPod # Terminating Evicted Pod (information)*
- NodeReady # Node Ready (information)*
- NodeNotReady # Node not Ready (information)*
- NodeSchedulable # Node is Schedulable (information)*
- NodeNotSchedulable # Node is not Schedulable (information)*
- CIDRNotAvailable # CIDR not Available (information)*
- CIDRAssignmentFailed # CIDR Assignment Failed (information)*
- Starting # Starting Kubelet (information)*
- KubeletSetupFailed # Kubelet Setup Failed (warning)*
- FailedMount # Volume Mount Failed (warning)*
- NodeSelectorMismatching # Node Selector Mismatch (warning)*
- InsufficientFreeCPU # Insufficient Free CPU (warning)*
- InsufficientFreeMemory # Insufficient Free Mem (warning)*
- OutOfDisk # Out of Disk (information)*
- HostNetworkNotSupported # Host Ntw not Supported (warning)*
- NilShaper # Undefined Shaper (warning)*
- Rebooted # Node Rebooted (warning)*
- NodeHasSufficientDisk # Node Has Sufficient Disk (information)*
- NodeOutOfDisk # Node Out of Disk Space (information)*
- InvalidDiskCapacity # Invalid Disk Capacity (warning)*
- FreeDiskSpaceFailed # Free Disk Space Failed (warning)*
pod:
- Pulling # Pulling Container Image (information)
- Pulled # Ctr Img Pulled (information)
- Failed # Ctr Img Pull/Create/Start Fail (warning)*
- InspectFailed # Ctr Img Inspect Failed (warning)*
- ErrImageNeverPull # Ctr Img NeverPull Policy Violate (warning)*
- BackOff # Back Off Ctr Start, Image Pull (warning)
- Created # Container Created (information)
- Started # Container Started (information)
- Killing # Killing Container (information)*
- Unhealthy # Container Unhealthy (warning)
- FailedSync # Pod Sync Failed (warning)
- FailedValidation # Failed Pod Config Validation (warning)
- FailedScheduling # FailedScheduling (warning)*
- OutOfDisk # Out of Disk (information)*
- HostPortConflict # Host/Port Conflict (warning)*
replicationController:
- SuccessfulCreate # Pod Created (information)*
- FailedCreate # Pod Create Failed (warning)*
- SuccessfulDelete # Pod Deleted (information)*
- FailedDelete # Pod Delete Failed (warning)*
replicaSet:
- SuccessfulCreate # Pod Created (information)*
- FailedCreate # Pod Create Failed (warning)*
- SuccessfulDelete # Pod Deleted (information)*
- FailedDelete # Pod Delete Failed (warning)*
deployment:
- SelectingAll # Selecting All Pods (warning)*
- ScalingReplicaSet # Scaling Replica Set (information)*
- DeploymentRollbackRevisionNotFound # No revision to roll back (warning)*
- DeploymentRollbackTemplateUnchanged # Skipping Rollback (warning)*
- DeploymentRollback # Rollback Done (information)*
daemonSet:
- SelectingAll # Selecting All Pods (warning)*
statefulSet:
- SuccessfulCreate # Pod Created (information)*
- FailedCreate # Pod Create Failed (warning)*
- SuccessfulDelete # Pod Deleted (information)*
- FailedDelete # Pod Delete Failed (warning)*
- RecreatingFailedPod # Recreate fail pod (warning)*
service:
- CreatingLoadBalancerFailed # Load Balancer Create Failed (warning)*
- CleanupLoadBalancerFailed # Load Balancer Cleanup Failed (warning)*
- DeletingLoadBalancer # Load Balancer Delete Start (information)
- DeletingLoadBalancerFailed # Load Balancer Delete Failed (warning)*
- DeletedLoadBalancer # Load Balancer Delete End (information)
- UnAvailableLoadBalancer # Unavailable Load Balancer (warning)*
- UpdatedLoadBalancer # Updated Load Balancer (information)*
- UpdateLoadBalancerFailed # Load Balancer Update Failed (warning)*
- SyncLoadBalancerFailed # Load Balancer Sync Failed (warning)*
horizontalPodAutoscalar:
- SelectorRequired # Selector Required (warning)*
- InvalidSelector # Selector Not Valid (warning)*
- FailedConvertHPA # Failed to Convert HPA (warning)*
- FailedGetScale # Failed to get Scale (warning)*
- FailedComputeMetricsReplicas # Failed to Compute Replicas (warning)*
- FailedRescale # Failed to rescale (warning)*
- FailedUpdateStatus # Failed to update status (warning)*
Custom Events
Additional events can be collected by the Sysdig agent and displayed in the Events module, but require more comprehensive configuration steps. These custom events can be integrated via:
The Sysdig Monitor Slackbot
Python scripts (either pre-built by Sysdig or user-created)
A CURL request
For brief sample scripts regarding configuring other custom events, refer to the Custom Events. For more information, contact Sysdig Support.
LogDNA Events
Sysdig provides the ability to view LogDNA alerts as Sysdig events.
If you are both a LogDNA and Sysdig Monitor user, you can send alerts from the LogDNA platform to Sysdig Monitor as Sysdig events. These events will provide a link redirecting you to the LogDNA for further investigation. Similar to other types of Sysdig Events, you can create alerts based on the LogDNA events.
The log data provided by LogDNA carries additional details about system health. The ability to view relevant LogDNA events in Sysdig helps you debug and monitor the health of a system efficiently.
For example, if the number of logs generated during a deployment is higher than expected, you get notified with your Sysdig Events feed.
There is no configuration required on the Sysdig Monitor side. For information on configuring LogDNA to send alerts to Sysdig Monitor, see Sysdig Alert Integration.