0.1.87

Bug Fixes

• Many minor bugfixes

New and Updated Features

• --fatfile option: When writing in fatfile mode, the output file will contain events that will be invisible when reading the file, but that are necessary to fully reconstruct the state

New and Updated Chisels

• lsof: This chisel prints the open file descriptors for every process in the system, with an output that is very similar to the one of lsof
• around: Given a filter on the command line, this chisel saves the events that are in a time range around filter matches
• spy_logs: This chisel intercepts all the writes to files containing .log or _log in their name, and pretty prints them
• spy_syslog (was echo_syslog): Print every message written to syslog

New and Updated filter fields

• evt.info: for most events, this field returns the same value as evt.args. However, for some events (like writes to /dev/log) it provides higher level information coming from decoding the arguments
• evt.around: accepts the event if it's around the specified time interval
• evt.is_syslog: true for events that are writes to /dev/log
• syslog.facility.str: facility as a string
• syslog.facility: facility as a number (0-23)
• syslog.severity.str: severity as a string
• syslog.severity: severity as a number (0-7)
• syslog.message: message sent to syslog

New and Updated events

• ptrace

0.1.86

Bug Fixes

• Fix a couple critical race conditions that can happen when multiple consumers open the sysdig devices
• Many minor bugfixes

New and Updated Chisels

• echo_syslog: Print every message written to syslog

0.1.85

Bug Fixes

• Fix a couple critical bugs in the driver that can cause a kernel panic under some rare circumstances
• Minor bugfixes related to filter fields

New and Updated Features

• Bash and zsh completion installed by default

0.1.84

Bug Fixes

• Correctly support memory fields for 2.6.39
• Support EL7 in the installer (using the beta EPEL 7 repository)
• Many minor bugfixes

New and Updated Features

No new features

New and Updated Chisels

• list_login_shells: List the login shell IDs
• hierarchical support for spy_users

New and Updated filter fields

• proc.apid: the pid of one of the process ancestors.
• proc.aname: the name (excluding the path) of one of the process ancestors.
• proc.loginshellid: the pid of the oldest shell among the ancestors of the current process

New and Updated events

• splice

0.1.83

Bug Fixes

Many minor bugfixes

New and Updated Features

No new features

New and Updated Chisels

No new chisels

New and Updated filter fields

• proc.vmsize: Total virtual memory for the process (as kb)
• proc.vmrss: Resident non-swapped memory for the process (as kb)
• proc.vmswap: Swapped memory for the process (as kb)
• thread.pfmajor: Number of major page faults since thread start
• thread.pfminor: Number of minor page faults since thread start
• proc.fdopencount: Number of open FDs for the process
• proc.fdlimit: Maximum number of FDs the process can open
• proc.fdusage: The ratio between open FDs and maximum available FDs for the process

New and Updated events

• mmap
• mmap2
• munmap
• brk

0.1.82

Bug Fixes

• topprocs_cpu was not working anymore (#146)
• fix sysdig probe on kernel 3.15 (#128)
• support OpenVZ kernel (#143)

New and Updated Features

There are no new features in this release.

New and Updated Chisels

• proc_exec_time: Show process execution time
• scallslower: Trace slow syscalls

New and Updated filter fields

• proc.duration: Number of nanoseconds since the process started

0.1.81

• ARM support (tested on Raspberry PI)
• New chisels: fileslower.lua
• New filter fields: fd.filename
• Improved build system
• -r can open multiple files
• -z can write compressed trace files
• -P can show the processing progress
• Many bugfixes

0.1.79

• New chisels: spy_port
• New fields: fd.directory, proc.ppid
• Support grsecurity
• Build on Solaris
• sysdig -D option: sysdig doesn't dig itself by default anymore
• Support binary expressions when filtering buffers
• Various bugfixes reported by users

0.1.77

fix potential memory leak when invalid line is skipped

0.1.74

Merge pull request #75 from lazy404/ipv6Fix

sysdig fails to start if ipv6 is disabled