Troubleshooting
This section describes methods for troubleshooting two types of issues:
Disconnecting Agents
No Metrics After Agent Install
Disconnecting Agents
If agents are disconnecting, there could be problems with addresses that need to be resolved in the agent configuration files. See also Understanding the Agent Config Files.
Check for Duplicate MAC addresses
The Sysdig agent will use the eth0
MAC address to identify the
different hosts within an infrastructure. In a virtualized environment,
you should confirm each of your VM’s eth0
MAC addresses are unique.
If a unique address cannot be configured, you can supply an additional
parameter in the Sysdig agent’s dragent.yaml
configuration file:
machine_id_prefix: prefix
The prefix text can be any string and will be prepended to the MAC address as reported in the Sysdig Monitor web interface’s Explore tables.
Example: (using ADDITIONAL_CONF
rather than Kubernetes
Configmap
)
Here is an example Docker run command installing the parameter via the
ADDITIONAL_CONF
parameter
docker run --name sysdig-agent --privileged --net host --pid host -e ACCESS_KEY=abc123-1234-abcd-4321-abc123def456 -e TAGS=tag1:value1 -e ADDITIONAL_CONF="machine_id_prefix: MyPrefix123-" -v /var/run/docker.sock:/host/var/run/docker.sock -v /dev:/host/dev -v /proc:/host/proc:ro -v /boot:/host/boot:ro -v /lib/modules:/host/lib/modules:ro -v /usr:/host/usr:ro sysdig/agent
The resulting /opt/draios/etc/dragent.yaml
config file would look like
this:
customerid:abc123-1234-abcd-4321-abc123def456
tags: tag1:value1
machine_id_prefix: MyPrefix123-
You will then see all of your hosts, provided that all the prefixes are unique. The prefix will be visible whenever the MAC address is displayed in any view.
See also: Agent Configuration.
Check for Conflicting MAC addresses in GKE environments
In Google Container Engine (GKE) environments, MAC addresses could be repeated across multiple hosts. This would cause some hosts running Sysdig agents not to appear in your web interface.
To address this, add a unique machine ID prefix to each config you use to deploy the agent to a given cluster (i.e. each sysdig-daemonset.yaml file).
Note: This example uses the
(v1) ADDITIONAL_CONF
, rather than (v2
Configmap
method.
- name: ADDITIONAL_CONF value: "machine_id_prefix: mycluster1-prefix-"
Can’t See Metrics After Agent Install
If agents were successfully installed, you could log in to the Sysdig Monitor UI, but no metrics are displayed in the Explore panel, first confirm that the agent license count has not been exceeded. Then check for any proxy, firewall, or host security policies preventing proper agent communication to the Sysdig Monitor backend infrastructure.
Check License Count
If network connectivity is good, the agent will connect to the backend but will be disconnected after a few seconds if the license count has been exceeded.
To check whether you are over-subscribed, go to
Settings > Subscription
.
See Subscription for details.
Check Network Policy
Agent Connection Port
Check your service provider VPC security groups to verify that network ACLs are set to allow the agent’s outbound traffic over TCP ports. See Sysdig Collector Ports for the supported TCP ports for each region.
Outbound IP Addresses
Due to the distributed nature of the Sysdig Monitor infrastructure, the agent must be open for outbound connections to collector.sysdigcloud.com on all outbound IP addresses.
Check Amazon’s public IP ranges file to see all the potential IP addresses the Sysdig agent can use to communicate with the Sysdig backend databases.
AWS Metadata Endpoint
AWS metadata is used for gathering information about the instance itself, such as instance id, public IP address, etc.
When running on an AWS instance, access to the following AWS metadata endpoint is also needed: 169.254.169.254
Check Local Host Policy
The agent requires access to the following local system resources in order to gather metrics:
Read/Write access to
/dev/sysdig
devices.Read access to all the files under
/proc
file system.For container support, the Docker API endpoint
/var/run/docker.sock
If any settings or firewall modifications are made, you may need to restart the agent service. In a shell on the affected instances issue the following command:
sudo service dragent restart
Cluster Shield Troubleshooting
This page provides troubleshooting guidance for Sysdig Cluster Shield.
Kernel Header Troubleshooting
This section describes how the agent uses kernel headers and provides you tips on troubleshooting, if needed.
Connection between Agent and Sysdig Collector
Upon installation, the Sysdig Agent forms a persistent TCP connection with the Sysdig collector in the backend. The agent maintains this connection consistently until either it is restarted or experiences a network disruption. In the event of a disconnection with the Sysdig collector, the agent activates a retry protocol to reinitiate the connection, applying necessary back-off strategies to manage the reconnection attempts effectively.
Using the Agent Console
Sysdig provides an Agent Console to interact with the Sysdig agent. This is a troubleshooting tool to help you view configuration files and investigate agent configuration problems quickly.
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.