Sysdig Documentation

Sysdig Agent Release Notes

0.93.1 November 25, 2019

Fixes and Updates

Fixed installation issue on native RHEL 7.x installs

The agent installer script has been updated to refer to an updated epel repository.

Improved JMX metrics reporting

Fixed an issue when retrieving JMX metrics which could result in missing samples.

(Sysdig Secure): Improvement in Kubernetes Audit events

Fixed runtime policy scopes for Kubernetes audit events.

(Sysdig Secure) Fixed audit event exception

The system now catches JSON object-type exceptions when parsing Kubernetes audit events.

Improved error message

Improved the error message reported when the Sysdig agent cannot find a pre-installed kernel header or cannot download a sysdigcloud-probe.

Performance improvement in dragent logging

0.93.0.1 November 15, 2019

Fixes

Fixed issue with Prometheus metrics names

Corrected a problem that resulted in the suffix _total to be removed from Prometheus counter metric names.

0.93.0 November 6, 2019

New Features

Mask the customer ID in log files

The Customer ID is no longer output in the agent log, to avoid inadvertent exposure when sharing of log files.

Kubernetes role node label included by default

The kubernetes.node.label.kubernetes.io/role label is available by default

Update Kubernetes API used, in order to expand support of Kubernetes v1.16

Replaced usage of the extensions/v1beta1 Kubernetes API with apps/v1 in the agent. This is required for supporting Kubernetes v1.16 using the agent's legacy Kubernetes integration (when new_k8s is not enabled).

Introduced a new config option in ElasticSearch app check

Introduced a new config option to generate cluster-wide primary shard metrics from a master node: pshard_stats_master_node_only. See Elasticsearch (Example 3).

Enhanced Postgresql app check

The Postgres app check has been enhanced to provide new metrics and examples. See PostgreSQL.

Agent preparation for upcoming Policy Advisor feature in Sysdig Secure

The agent will support new Rules generated by Sysdig's Kubernetes Policy Advisor. This agent is the minimum version required to use the upcoming feature.

Updates and Fixes

Improved system events handling for Ubuntu 19.10

On kernels 5.1 and newer, some syscall events were incorrectly dropped. This has been fixed.

Stopped Kubernetes pause containers (pods) from being reported

Fixed an issue where Kubernetes pause containers were also showing up in Kubentes events. This fix filters them out from the events being reported.

Fixed rare issue on OpenShift

Fixed an issue where, in a rare case, a dropped event could cause a kernel deadlock and crash the node.

Fixed issue preventing kernel module creation for Debian Buster

This change adds support for building the Sysdig Monitor agent kernel module for Debian Buster.

Improved event timestamp in Kubernetes

This fix ensures that user events get the correct timestamp with Kubernetes v1.16 when thego_k8s_user_events option is set to true.

Updated Kubernetes API used, in order to expand support of Kubernetes v1.16

In dragent.yaml, the Kubernetes API extensions/v1beta1 is updated to apps/v1. This enables agent support for Kubernetes v1.16 even when the new_k8s option is set to false.

Fixed a Kubernetes event reporting issue

Fixed an issue with Kubernetes Events where the host MAC scope was not populated correctly, resulting in not showing up on the dashboard.

Improved Kubernetes events handling from delegated agents

When using go_k8s_user_events, kubernetes events from non-delegated agents are no longer sent.

Eliminated legacy "BASELINES" message

Stopped processing legacy BASELINES messages from the backend collector.

Performance improvement at startup

The agent now defers initialization of Secure-related components slightly to reduce excess resource usage at startup.

0.92.3 October 7, 2019

Updates and Fixed Issues

Included Example of a Prometheus Matching Rule Using HTTPS

The Sysdig agent will use HTTPS for scraping when target's annotation has "kuberentes.pod.annotation.prometheus.io/scheme: https".

Kubernetes versions older than 1.9 no longer supported.

The Sysdig agent has replaced the use of the extensions/v1beta1 Kubernetes API with apps/v1.

Included Example of a Prometheus Matching Rule Using HTTPS

The Sysdig agent will use HTTPS for scraping when target's annotation has "kuberentes.pod.annotation.prometheus.io/scheme: https".

The RabbitMQ app check has a new config option: filter_by_node

Without this option, each node reports cluster-wide information (as presented by rabbitmq itself). This option makes it easier to view the metrics in the UI by removing redundant information reported by individual nodes. See RabbitMQ for details.

0.92.2 September 26, 2019

New Features

Asynchronous metadata collection for CRI-O and containerd

The collection of container metadata from CRI-based runtimes was previously synchronous with other agent tasks.

Prioritize and filter how process metrics are reported in Sysdig Monitor. 

In addition to filtering data by container, it is also possible to filter independently by process. Broadly speaking, this refinement helps ensure that relevant data is reported while noise is reduced. See Include/Exclude Processes for details.

Fixed Issues

Sysdig Monitor

  • Fix for Agent termination during resource discovery from the Kubernetes API Server 

    Fixed an issue where the Agent stopped and shutdown if there an error occurred during resource discovery from the Kubernetes API Server. This fix simply reports the error and continues with the discovered resources.

  • Fix for Kubernetes delegation error

    Fixed an issue that caused Kubernetes delegation to not work after the cointerface process restarts following a crash.

  • Fix for accounting Network errors

    Network-related errors are now correctly accounted for instead of being treated as file-open errors.

  • App Checks on hosts with Python 2.6 will no longer be supported

    App Checks will no longer run on hosts with Python 2.6 in their environment.

  • New Prometheus Client Version

    Updated prometheus_client to version 0.7.1. This should result in improved performance while ingesting Prometheus metrics.

  • Fix for dropping StatsD Metrics

    A defect in earlier versions of Sysdig Monitor with the statsd.use_forwarderoption could drop some StatsD metrics from containers. This change resolves that problem; the agent will begin fetching metrics from containers 10 seconds after first identifying that the container exists. The 10 second delay allows containers to start StatsD servers within their network namespaces if they choose.

    The timeout can be overridden using the statsd.container_server_creation_delay_s option, which specifies the delay in seconds.

  • Fixed resource metrics for CRI-O containers

    The following metrics reporting correctly in the Monitor UI: memory.limit.bytes, memory.limit.used.percent, and cpu.quota.used.percent. The CRI extra_queries option now enabled by default. See Runtime Support: CRI-O and Containerd for details.

Sysdig Secure

  • Fix for enlarging Sysdig Capture 

    Fixed an issue where a Sysdig capture would grow endlessly if a security policy was set to Capture 0 seconds after an event.

  • Fix for processing system events

    Fixed problem where gettimeofday syscall was called in compliance code while processing system events. This could potentially cause performance problems in Linux distros that called down to the kernel for gettimeofday responses, such as some versions of Amazon Linux.

Sysdig Platform

  • New RPM dependency

    Changed RPM dependency to Python 2 to support installation on RHEL 8.

0.92.1 August 16, 2019

Fixed Issues

Sysdig Monitor

  • Fixed issue with cluster name in Monitor UI

    Cluster name was being populated incorrectly for Kubernetes event scopes.

  • Fixed Kubernetes events issue

    Fixed Kubernetes event collection issue that occurred when using the go_k8s_user_events option. This option was introduced in agent version 0.91.

Sysdig Platform

  • RHEL 7.7 and 8.0+ support The kernel module now builds for RHEL 7.7 and 8.0+

  • Fixed issue with StatsD metrics collection limits Some versions of the Sysdig agent allowed fewer than the configured number of StatsD metrics because Sysdig Secure-related StatsD metrics were counted towards the configured limit.

    This change corrects that behavior so that the configured limit applies only to StatsD metrics that do not originate from Sysdig components.

Sysdig Secure

  • Fixed a profiling-related issue that impacts Sysdig Secure 2.4

    Sysdig Secure 2.4 will include a new Profiling feature, and 0.92.1 fixes a bug where profiling could remain disabled after periods of high load. In order to use Profiling, it is required to upgrade to agent 0.92.1 or higher.

0.92 August 7, 2019

New Features

Preparatory enhancements for upcoming Sysdig Secure Policy Editor Although the feature UI will not be released until version 2.4.0, Sysdig encourages all users of Sysdig Secure to upgrade to agent 0.92 in preparation for the new Policy Editor feature. Agent 0.92 will accept policies messages from both the current backend as well as a backend that supports the new policy editor.

Ability to compress metrics data for internal transfer

With app checks integrations, when the volume of metrics data collected was too large to send over the agent's internal queue, app checks could fail. This problem is solved by introducing an option to compress app checks metrics data, which reduces the internal load. See Compress Metrics Data for details on how to enable this option.

Fixed Issues

Sysdig Monitor

Fix for occasionally dropped metrics In earlier releases of Sysdig Monitor, the agent sometimes failed to parse metrics containing negative values for some fields.

This change updates the behavior to drop fields that have unsupported negative values, and to generate a log message when such fields are encountered.

Sysdig Platform

  • Fix for MySQL versions 8.0.14+

    Fixed a bug that caused the MySQL app check to fail with an error.

  • Fixed agent crash issue exposed by recent Linux kernels

    Affected kernels include the 5.2.x line, 5.1.8+, and 4.19.49+.

  • Fixed a bug in HTTP parserIn the (uncommon) situation where absoluteURI is used in the Request-URI, fixed a bug that was causing a faulty URL.

0.91 July 17, 2019

New Features

Improved securityRemoved obsolete and vulnerable Python 2.6-compatible libraries from Docker images.

More efficient Kubernetes event handling.

The agent has added functionality to allow more efficient processing of Kubernetes user events.

See Use Go to Process Kubernetes Events to enable.

Reduced CPU usage on Kubernetes clusters Extended performance optimizations for processing Kubernetes Services, which will reduce agent CPU usage in large clusters.

Container filtering enhanced. Smart filters and aggregated filtering options are now available. See Prioritize/Include/Exclude Designated Containers.

Fixed Issues

Monitor

  • Fixed issue with Prometheus metrics gathering intervals

    The agent will now respect the configured interval for scraping Prometheus metrics from remote endpoints, as opposed to doing it every second.

  • Fixed limit/requests calculations for init containers

    Fixed memory calculations for Kubernetes init container limits and requests

  • Improved Healthcheck monitoringAgent has improved ability to detect commands identified as a part of Kubernetes Liveness/Readiness Probes, in addition to Docker Health Checks.

  • Improved error messaging

    Warning messages for container group inconsistencies were demoted to debug level, as they are harmless and do not need to clutter the error reporting stream.

  • Fixed issue with container "incomplete" reporting status

    Starting with version 0.90.0, the agent would report containers for which it had not yet fetched metadata as "incomplete." This would then propagate to the Monitor UI. This restores the behavior where the agent leaves the unknown fields unset.

  • Resolved REST server issue

    Fixed problem where an enabled port would respond to HTTP requests when not desired.

  • Fixed issue with StatsD metrics collection

    Previous versions of the Sysdig agent, when configured to use the StatsD fowarder ({{statsd.use_forwarder: true}}) truncated messages that it received from containers to 2048 bytes, resulting in the potential for dropped and corrupted metrics. This change resolves that problem. See details under StatsD Integration.

Note

For earlier release notes, please see Sysdig Agent Release Notes here.

Note

It is recommended to follow upgrade best practices:

  • Keep upgrades current

  • Test upgrades in a non-mission-critical or staging environment before rolling into production.