Configure Sysdig Linux Agent

Out of the box, the Sysdig agent will gather and report on a wide variety of pre-defined metrics from a range of platforms and applications. It can also accommodate any number of custom parameters for additional metrics collection.

You can edit the agent configuration file to extend the default behavior, including additional metrics for JMX, StatsD, Prometheus, or a wide range of other Monitoring Integrations.

Use this section when you need to change the default or pre-defined settings by editing the agent configuration files.

For the latest helm-based installation instructions and configuration options, see sysdig-deploy.

Topics in This Section
Configure the Agent

Out of the box, the Sysdig agent gathers and reports on a wide variety of predefined metrics. To collect additional metrics, configure the agent.

Understand Agent Drivers

Agent drivers attach event handlers to functions within the Linux kernel, such as a system call entry point or exit point. They also allocate buffers from the instrumented system’s RAM to send kernel events to the agent program running in the user space.

Configuration Library

The Sysdig configuration library lists all the major configurations supported by Sysdig agent components. This document is evolving and will be updated as new configurations are added to the product.

Configure Agent Modes

Agent modes provide the ability to control metric collection to fit your scale and specific requirements. Using the appropriate mode for a specific environment helps reduce the amount of resources (CPU and memory) that the agent consumes and the number of metrics that the agent collects.

Enable HTTP Proxy for Agents

Manage Agent Log Levels

View Agent Health

The Sysdig Agent uses ReadinessProbe to determine its readiness to accept incoming requests. Additionally, the agent can generate internal health metrics through a Prometheus exporter.

Disable Captures

Blacklist Ports

Manage Agent Privileges

You can modify Sysdig Agent privileges to enhance the security of your deployments. The Sysdig Agent can operate with the securityContext.privileged parameter set to false, enhancing your deployment’s security posture without interrupting essential monitoring and security functions. We recommend configuring the Sysdig Agent with privileged: false to reduce the attack surface and to align with container security best practices..

Use Node Leases