Configure Agent Modes
You can choose one of the following modes to do so. Review the features available in different agent modes before determining the mode you want to opt for.
Features | Monitor Mode | Secure Mode | Secure Light Mode | Monitor withSecure License |
---|---|---|---|---|
Runtime Policy | X | X | X | |
Activity Audit | X | X | X | |
Captures Monitor Secure | X | X | X | X |
Network Topology | X | X | ||
Prometheus | X | X | ||
App Checks | X | X | ||
JMX | X | X | X | |
StatsD | X | X | ||
Live Logs Monitor Secure The Live Logs feature is not accessible for Secure-only users at the moment. This functionality is available in the Sysdig Platform as a part of the Sysdig Secure offering. | X | X | X | X |
Enable Agent Modes
If you have a Platform license (Sysdig Monitor and Sysdig Secure), no configuration is required. You get all the features by default. If you are opting a subset of features, determine the agent mode corresponding to your requirement.
To enable the mode you have selected, add the corresponding configuration to the values.yaml
or dragent.yaml
file, and restart the agent. The following sections provide configuration snippets corresponding to each agent mode.
Monitor
The Monitor mode offers an extensive collection of metrics. We recommend this mode to monitor enterprise environments.
monitor
is the default mode if you are running the Enterprise tier.
dragent.yaml
commandlines_capture:
enabled: false
drift_control:
enabled: false
drift_killer:
enabled: false
falcobaseline:
enabled: false
feature:
mode: monitor
memdump:
enabled: false
network_topology:
enabled: false
secure_audit_streams:
enabled: false
security:
enabled: false
k8s_audit_server_enabled: false
Helm
agent:
monitor:
enabled: true
secure:
enabled: false
Monitor Light
Monitor Light caters to the users that run agents in a resource-restrictive environment, or to those who are interested only in a limited set of metrics.
This mode provides CPU, Memory, File, File system, and Network metrics. For more information, see Metrics Available in Monitor Light.
dragent.yaml
app_checks_enabled: false
drift_control:
enabled: false
drift_killer:
enabled: false
falcobaseline:
enabled: false
feature:
mode: monitor_light
jmx:
enabled: false
memdump:
enabled: false
network_topology:
enabled: false
prometheus:
enabled: false
statsd:
enabled: false
Helm
agent:
monitor:
enabled: true
secure:
enabled: false
sysdig:
settings:
feature:
mode: monitor_light
Secure
The secure mode supports only Sysdig Secure features.
Sysdig agent collects no metrics in the secure mode, which, in turn, minimizes network consumption and storage requirement in the Sysdig backend. Lower resource usage can help reduce costs and improve performance.
In the Secure mode, the Monitor UI shows no data because no metrics are sent to the collector.
This feature requires agent v10.5.0 or above.
dragent.yaml
app_checks_enabled: false
feature:
mode: secure
jmx:
enabled: false
prometheus:
enabled: false
statsd:
enabled: false
Helm
agent:
monitor:
enabled: false
secure:
enabled: true
sysdig:
settings:
feature:
mode: secure
Secure Light
The secure light mode supports only the following Sysdig Secure features:
Sysdig agent running in secure_light
mode consumes fewer resources than that of running in the secure mode.
This feature requires agent v12.10.0 or above.
Note: Do not enable Monitor features in Secure Light. If you do, you might encounter configuration errors.
dragent.yaml
app_checks_enabled: false
feature:
mode: secure_light
jmx:
enabled: false
memdump:
enabled: false
network_topology:
enabled: false
prometheus:
enabled: false
statsd:
enabled: false
Note: falcobaseline.enabled
should be set to false
in agents v12.18.0 and below.
Helm
agent:
monitor:
enabled: false
secure:
enabled: true
sysdig:
settings:
feature:
mode: secure_light
Troubleshooting
Troubleshooting mode offers sophisticated metrics with detailed diagnostic capabilities. Some of these metrics are heuristic in nature.
In addition to the extensive metrics available in the Monitor mode, Troubleshooting mode provides additional metrics such as net.sql
and additional segmentation for file and network metrics. For more information, see Additional Metrics Values Available in Troubleshooting.
dragent.yaml
If your account is enabled for Secure, add the following:
app_checks_enabled: false
drift_control:
enabled: false
drift_killer:
enabled: false
falcobaseline:
enabled: false
feature:
mode: troubleshooting
jmx:
enabled: false
memdump:
enabled: false
network_topology:
enabled: false
prometheus:
enabled: false
statsd:
enabled: false
If your account is enabled for Monitor, add the following:
Helm
If your account is enabled for Monitor, add the following:
agent:
monitor:
enabled: true
secure:
enabled: false
sysdig:
settings:
feature:
mode: troubleshooting
If your account is enabled for Secure, add the following:
agent:
monitor:
enabled: false
secure:
enabled: true
sysdig:
settings:
feature:
mode: troubleshooting
Custom Metrics Only Mode
Custom Metrics Only mode collects the same metrics as the Monitor Light mode, but also adds the ability to collect the following:
- Custom Metrics: StatsD, JMX, App Checks, and Prometheus
- Kubernetes State Metrics
As such, Custom Metrics Only mode is suitable if would like to use most of the features of Monitor mode but are limited in resources.
This mode is not compatible with Secure. If your account is configured for Secure, you must explicitly disable Secure in the agent configuration if you wish to use this mode.
This mode requires agent v12.4.0 or above.
Enable Custom Metrics Only Mode
Open the
dragent.yaml
file.Add the following configuration parameter:
feature: mode: custom-metrics-only
If your account is enabled for Secure, add the following:
security: enabled: false secure_audit_streams: enabled: false falcobaseline: enabled: false
This configuration explicitly disables the Secure features in the agent. If you do not disable Secure, the agent will not start due to incompatiblity issues.
Restart the agent.
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.