The Captures Tab displays a list of any Sysdig capture files created via the ‘Sysdig Capture’ function which is available on the Explore tab when a host is selected. Sysdig capture files contain system calls and other OS events which can be analyzed with the open source 'sysdig' or 'csysdig' (curses based) utilities. This guide details how to record a trace file from your host and download it for analysis with the the utilities.
Create a capture file by selecting a host or container item from one of the Explore Tab tables as seen below:
The Sysdig Capture pop-up window will prompt for a storage location, a capture file name, an amount of time to capture, and an optional sysdig utility filter. By default your captures will be stored in the SysdigCloud Amazon S3 bucket but you can use the 'go to settings' link to define your own S3 bucket if desired. We recommend using the default time of 15 seconds to keep captures small and manageable.
The maximum capture time available for any trace file is 24 hours with a current capture file size limit of 100MB.
When you click Start Capture, the Sysdig agent will be signaled to start a capture and send back the resulting trace file which will be shown in the Capture tab.
The Capture tab contains a table showing the capture file name, the host from where it came and the time frame and size of the capture. A status of 'uploaded' means the file has been successfully transmitted from the Sysdig agent to the AWS S3 bucket and is available for downloading to your workstation for detailed analysis using the 'sysdig' or 'csysdig' open source utilities.
You can select an entry in the table and click the 'Explore' button to be brought to the capmetric's point in time on the Explore tab. You can then
Use the 'Delete' button to remove a capture file or the "Delete All" button at the top of the file list to remove all captures at once.