Agent Configuration for Monitor

The Sysdig configuration library lists all the major configurations required to enable Sysdig Monitor features.

To apply configurations, see Configure the Agent.

StatsD

The statsd parameter controls StatsD metric collection. It is enabled by default.

The following configurations are available:

statsd:
	blacklisted_ports
statsd:
	tcp_port
statsd:
  udp_port
statsd:
  ip_address: 0.0.0.0

The value indicates that the StatsD server will accept incoming traffic from any IP, local or remote. Use this configuration to add the ability to send statsd messages to a host running the agent from a remote host, and for the agent to process the message as if they have originated on the host on which the agent is running.

By default, the agent includes a statsd server that listens on the loopback interface (127.0.0.1) for incoming statsd messages, which does not allow accepting messages originating from remote hosts. Use the ip_address: 0.0.0.0 configuration to change this default behavior.

Events

The events parameter controls Event Metric Collection.

events:
  docker
events:
  kubernetes

Log

The log parameter lets you configure log levels metric collection.

log:
  event_priority
log:
  console_priority
log:
  file_priority

Prometheus

The prometheus parameter controls Prometheus Native Service Discovery.

prometheus:
  enabled

JMX

The jmx parameter controls JMX metrics collection.

jmx:
  enabled

App Checks

Controls monitoring capabilities using App Check.

app_checks:
  enabled

KSM

Enable and disable Kube State Metrics (KSM) collection. It is enabled by default.

k8s_extra_resources:
  - include
  ...

Go Events

The go_k8s_user_events parameter streamlines Sysdig agent processing times and reduce CPU load. The default is true.

Agent Console

Enable Agent Console to interact with the Sysdig agent to troubleshoot and investigate agent configuration problems quickly

command_line:
  enabled

Examples

Disable StatsD Collection

This example shows how to turn off StatsD collection and blacklist port 6443.

Sysdig agent uses port 6443 for both inbound and outbound communication with the Sysdig backend. The agent initiates a request and keeps a connection open with the Sysdig backend for the backend to push configurations, Falco rules, policies, and so on.

Ensure that you allow the agents’ inbound and outbound communication on TCP 6443 from the respective IP addresses associated with your SaaS Regions. Note that you are allowing the agent to send communication outbound on TCP 6443 to the inbound IP ranges listed in the SaaS Regions.

YAML Format

statsd:
    enabled: false
    blacklisted_ports:
    - 6443

Single-Line Format

Use spaces, hyphens, and \n correctly when manually converting to a single line:

ADDITIONAL_CONF="statsd:\n enabled: false\n blacklisted_ports:\n - 6443"

You can run a full agent startup Docker command in a single line as follows:

docker run
  --name sysdig-agent \
  --privileged \
  --net host \
  --pid host \
  -e ACCESS_KEY=<ACCESS_KEY> \
  -e COLLECTOR=<COLLECTOR_ADDRESS> \
  -e TAGS=dept:sales,local:NYC \
  -e ADDITIONAL_CONF="statsd:\n    enabled: false\n    blacklisted_ports:\n    - 6443" \
  -v /var/run/docker.sock:/host/var/run/docker.sock \
  -v /dev:/host/dev \
  -v /proc:/host/proc:ro \
  -v /boot:/host/boot:ro \
  -v /lib/modules:/host/lib/modules:ro \
  -v /usr:/host/usr:ro \
  quay.io/sysdig/agent

Add RabbitMQ App Check

This example helps you override the default configuration for a RabbitMQ app check.

YAML Format

app_checks:
  - name: rabbitmq
    pattern:
      port: 15672
    conf:
      rabbitmq_api_url: "http://localhost:15672/api/"
      rabbitmq_user: myuser
      rabbitmq_pass: mypassword
      queues:
        - MyQueue1
        - MyQueue2

Single-Line Format (echo | sed)

From a Bash shell, issue the echo command and sed script.

echo "app_checks:
  - name: rabbitmq
    pattern:
      port: 15672
    conf:
      rabbitmq_api_url: "http://localhost:15672/api/"
      rabbitmq_user: myuser
      rabbitmq_pass: mypassword
      queues:
        - MyQueue1
        - MyQueue2
" | sed -e ':a' -e 'N' -e '$!ba' -e 's/\n/\\n/g'

This results in the single-line format to be used with ADDITIONAL_CONF in a Docker command or DaemonSet file.

"app_checks:\n - name: rabbitmq\n  pattern:\n    port: 15672\n  conf:\n    rabbitmq_api_url: http://localhost:15672/api/\n    rabbitmq_user: myuser\n    rabbitmq_pass: mypassword\n    queues:\n      - MyQueue1\n      - MyQueue2\n"