Sysdig Agent Release Notes

Metrics Reporting

Fixed an issue in the agent wherein the kubernetes.namespace.pod.desired.count and kubernetes.namespace.pod.available.count metrics were not reporting any values.

HDFS App Check Deprecated

The HDFS (Hadoop Distributed File System) App Check had been deprecated and removed. Users of the HDFS App Check can switch to hdfs_namenode and hdfs_datanode App Checks.

Metric Calculation

Fixed an issue related to calculating the kubernetes.pod.restart.rate metric.

Network Congestion

Isolated the Kubernetes Audit HTTP server from the Audit Event processing path to reduce the chances of slowing down the connections from the Kubernetes API server. This should reduce the likelihood of multiple outstanding connections from the Kubernetes API server.

Certifi Python Module

Added a missing certifi Python module to the agent container.

Metrics calculation

Fixed an issue that caused an error in the calculation of some metrics such as net.* in agent version 9.6.0.

Red Hat-based host issue

Fixed an issue that caused the kernel module build associated with agent version 9.6.0 to fail on Red Hat-based hosts.

Integrations improved

Added new metrics and configuration options for HAProxy and Consul app check integrations. See HAProxy, HAProxy Metrics, and Consul for details.

Fixed a problem Go app check which caused it to fail with an exception error.

Metrics added

Added Kubernetes metric kubernetes.namespace.pod.running.count to track the number of pods in running state. See Kubernetes State.Kubernetes State

Reduced load on the Kubernetes API server

The version of client-go was updated and now defaults to encoded protobuf messaging instead of JSON to improve performance.

Configuration option new_k8s now enabled by default.

Default collector port changed

The default port for the collector was changed from 6666 to 6443.

Prometheus metrics fix

Fixed a problem that inhibited the agent from scraping multiple ports on a single process for Prometheus metrics.

Inaccurate cpu.used reporting fixed

Fixed a problem that caused the agent to erroneously report very high CPU usage in some environments.

Fix for the dynamic back-end configuration of Kubernetes Audit Logging that caused some agent deploys to failKubernetes Audit Logging

The agent is enhanced to listen on /k8s-audit for Kubernetes audit events and the path can be configured via the config option security:{k8s_audit_server_path_uris: [path1, path2]}.

Added new configuration option and metrics for Elasticsearch integrations

In the Elasticsearch app check, the parameter index_stats can be used to collect metrics from individual indices. See Example 4 in Elasticsearch and Elasticsearch Metrics for details.

Added new metrics for NGINX Plus integrations

More than 60 new metrics have been added to the NGINX app check. See NGINX Plus Metrics for details.

Made Go-based event handling the default

See Use Go to Process Kubernetes Events. As of agent 9.5.0, the default setting for go_k8s_user_events is true and there is no need explicitly to enable it. To switch back to the older events monitoring (C++ based), set the value to false in your agent config (dragent.yaml).

Enhanced log tracing for include/exclude processes filter.

No user action is required; see Include/Exclude Processes to use the filter.

Fixed agent termination issue

Fixed a problem that was causing an internal process within the agent to repeatedly restart.

Improved memory buffer handling

The agent will now auto-disable memdump functionality when the memory buffer is too small.

Agent start/stop improvements on CRI-O and Openshift 4.x

The agent can now correctly perform the pause and stop container actions on clusters running OpenShift 4.x and CRI-O.

Fixed issue in the agent install scripts

The agent install scripts have been updated to mount /etc/modprobe.d from the host into the agent container. This prevents a problem where the agent loaded drivers that were excluded from the host.

Added user events for additional resource types

Added events monitoring for statefulsets, services, and horizontal pod auto-scalers (HPAs) when the Golang-based events monitoring feature is enabled. To enable, see Use Go to Process Kubernetes Events.

Added regex support for Kafka integrations

Added regex capability for consumer groups and topics in Apache Kafka configurations. See Example 6 in Apache Kafka.

Increased the Prometheus max_tags default value

The Prometheus max_tags configuration has been increased from 20 to 40.

Made change to guarantee support for older cpuset configurations.

Changed CRIO cpuset calculations to use the configured cpuset.cpus value instead of cpuset.effective_cpus. This guarantees support on older cpuset configurations.

Corrected an issue that resulted in the suffix "_total" to be added to Prometheus counter metric names.

Fixed installation issue on native RHEL 7.x installs

The agent installer script has been updated to refer to an updated epel repository.

Improved JMX metrics reporting

Fixed an issue when retrieving JMX metrics which could result in missing samples.

(Sysdig Secure): Improvement in Kubernetes Audit events

Fixed runtime policy scopes for Kubernetes audit events.

(Sysdig Secure) Fixed audit event exception

The system now catches JSON object-type exceptions when parsing Kubernetes audit events.

Improved error message

Improved the error message reported when the Sysdig agent cannot find a pre-installed kernel header or cannot download a sysdigcloud-probe.

Performance improvement in dragent logging

Fixed issue with Prometheus metrics names

Corrected a problem that resulted in the suffix _total to be removed from Prometheus counter metric names.

Mask the customer ID in log files

The Customer ID is no longer output in the agent log, to avoid inadvertent exposure when sharing of log files.

Kubernetes role node label included by default

The kubernetes.node.label.kubernetes.io/role label is available by default

Update Kubernetes API used, in order to expand support of Kubernetes v1.16

Replaced usage of the extensions/v1beta1 Kubernetes API with apps/v1 in the agent. This is required for supporting Kubernetes v1.16 using the agent's legacy Kubernetes integration (when new_k8s is not enabled).

Introduced a new config option in ElasticSearch app check

Introduced a new config option to generate cluster-wide primary shard metrics from a master node: pshard_stats_master_node_only. See Elasticsearch (Example 3).

Enhanced Postgresql app check

The Postgres app check has been enhanced to provide new metrics and examples. See PostgreSQL.

Agent preparation for upcoming Policy Advisor feature in Sysdig Secure

The agent will support new Rules generated by Sysdig's Kubernetes Policy Advisor. This agent is the minimum version required to use the upcoming feature.

Improved system events handling for Ubuntu 19.10

On kernels 5.1 and newer, some syscall events were incorrectly dropped. This has been fixed.

Stopped Kubernetes pause containers (pods) from being reported

Fixed an issue where Kubernetes pause containers were also showing up in Kubentes events. This fix filters them out from the events being reported.

Fixed rare issue on OpenShift

Fixed an issue where, in a rare case, a dropped event could cause a kernel deadlock and crash the node.

Fixed issue preventing kernel module creation for Debian Buster

This change adds support for building the Sysdig Monitor agent kernel module for Debian Buster.

Improved event timestamp in Kubernetes

This fix ensures that user events get the correct timestamp with Kubernetes v1.16 when thego_k8s_user_events option is set to true.

Updated Kubernetes API used, in order to expand support of Kubernetes v1.16

In dragent.yaml, the Kubernetes API extensions/v1beta1 is updated to apps/v1. This enables agent support for Kubernetes v1.16 even when the new_k8s option is set to false.

Fixed a Kubernetes event reporting issue

Fixed an issue with Kubernetes Events where the host MAC scope was not populated correctly, resulting in not showing up on the dashboard.

Improved Kubernetes events handling from delegated agents

When using go_k8s_user_events, kubernetes events from non-delegated agents are no longer sent.

Eliminated legacy "BASELINES" message

Stopped processing legacy BASELINES messages from the backend collector.

Performance improvement at startup

The agent now defers initialization of Secure-related components slightly to reduce excess resource usage at startup.

Included Example of a Prometheus Matching Rule Using HTTPS

The Sysdig agent will use HTTPS for scraping when target's annotation has "kuberentes.pod.annotation.prometheus.io/scheme: https".

Kubernetes versions older than 1.9 no longer supported.

The Sysdig agent has replaced the use of the extensions/v1beta1 Kubernetes API with apps/v1.

Included Example of a Prometheus Matching Rule Using HTTPS

The Sysdig agent will use HTTPS for scraping when target's annotation has "kuberentes.pod.annotation.prometheus.io/scheme: https".

The RabbitMQ app check has a new config option: filter_by_node

Without this option, each node reports cluster-wide information (as presented by rabbitmq itself). This option makes it easier to view the metrics in the UI by removing redundant information reported by individual nodes. See RabbitMQ for details.

Asynchronous metadata collection for CRI-O and containerd

The collection of container metadata from CRI-based runtimes was previously synchronous with other agent tasks.

Prioritize and filter how process metrics are reported in Sysdig Monitor. 

In addition to filtering data by container, it is also possible to filter independently by process. Broadly speaking, this refinement helps ensure that relevant data is reported while noise is reduced. See Include/Exclude Processes for details.