The top level Hosts views list additional action buttons depending on whether a host, group or container is currently highlighted. You can securely connect to a shell of any instance with the SSH Connect function, Add or Configure Alerts, and extract detailed raw system activity trace files with Sysdig Capture.
SSH Connect enables a user at the Sysdig Monitor interface to quickly access and execute shell commands on any host listed in a top level Hosts view on the Explore tab.
The SSH Connect feature works by encapsulating an SSH connection on top of the persistent TCP connection between the Sysdig agent and the back-end, so no additional connections are required. This instrumentation conveniently allows for access to instances that sit in a private network or behind a NAT.
Provide your SSH private key and optional passphrase in order to initiate a session. You can also choose to log in with a traditional, less secure account and password if your host allows.
Additional selections allow you to save the SSH key in the local web browser cache and change the default connection port. All connections are automatically closed when you close your browser tab; the connection is completely stateless and secure.
Sysdig Monitor has a native integration with our open source sysdig technology, enabling users to initiate a sysdig capture which records all system call activity on a particular instance over the chosen time period.
After selecting a host and clicking Sysdig Capture, the screen below will appear for you to fill out. The example shown will create a trace file called ‘capture_all_httpd’ with 2 minutes of data filtered for httpd process system calls only. The data file will reside in the Sysdig Monitor S3 bucket under your customer account:
You can choose to store trace files in your own custom Amazon S3 bucket if you have configured it in the Settings > Sysdig Storage setup screen (click ‘go to settings’). The maximum capture time available for any trace file is 24 hours, with a current capture file size limit of 100MB. Use standard sysdig filters to reduce extraneous capture data.
After clicking ‘Start Capture’ you will see a progress bar and have the option to cancel the capture. Once the sysdig capture is done, you can either download your trace file to your local workstation for storage and analysis with the open source sysdig utility or analyze it online with the graphical Trace Analyzer.
Learn more about analyzing trace files in the Captures Tab guide.
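A local counterpart to the capture described above, using the open source sysdig utility (an added example, not taken from the Sysdig documentation). The `.scap` suffix, the function names and the reading of 100MB as 100 × 1024 × 1024 bytes are assumptions; `-M`, `-w`, `-r` and `-c` are existing sysdig options.

```shell
#!/bin/sh
# Added example, not Sysdig's code. Limits come from the text above; the .scap
# suffix, function names and 1MB = 1024*1024 bytes are assumptions.
MAX_SECONDS=86400        # 24-hour maximum capture time
MAX_BYTES=104857600      # 100MB capture file size limit

# Print the sysdig arguments for a time-boxed capture, one per line.
# Usage: capture_args NAME SECONDS [FILTER]
capture_args() {
    name=$1; seconds=$2; filter=$3
    case $seconds in
        ''|*[!0-9]*) echo "duration must be whole seconds" >&2; return 2 ;;
    esac
    if [ "$seconds" -lt 1 ] || [ "$seconds" -gt "$MAX_SECONDS" ]; then
        echo "duration must be 1..$MAX_SECONDS seconds" >&2; return 2
    fi
    # -M: stop collecting after N seconds; -w: write events to a trace file
    printf '%s\n' -M "$seconds" -w "$name.scap"
    # A filter such as proc.name=httpd keeps unrelated system calls out.
    [ -z "$filter" ] || printf '%s\n' "$filter"
}

# Succeed only if the trace file exists and is within the size limit.
within_size_limit() {
    [ -f "$1" ] || return 2
    size=$(($(wc -c < "$1")))
    [ "$size" -le "$MAX_BYTES" ]
}

# Capture (needs root and the sysdig binary), then check the file size.
run_capture() {
    trace=$1.scap
    args=$(capture_args "$@") || return
    # Split on newlines only, so a filter with spaces stays one argument.
    old_ifs=$IFS; IFS='
'
    set -f; set -- $args; set +f; IFS=$old_ifs
    sysdig "$@" && within_size_limit "$trace"
}

# The page's example: 2 minutes of httpd system calls, then read it back.
#   run_capture capture_all_httpd 120 proc.name=httpd
#   sysdig -r capture_all_httpd.scap -c topfiles_bytes
if [ "$#" -ge 2 ]; then run_capture "$@"; fi
```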
Add & Configure Alert
When an instance, group of instances or container is selected in any Hosts view, use the Add Alert button to quickly create a context-sensitive alert. Alerts can be set to notify you of anomalous events in your infrastructure. You can easily create alerts with ‘Baseline’ or ‘Host Comparison’ alert types or more customizable ‘Manual’ alerts.
Optionally, click the bell icon next to the instance name in any Hosts view or in the panel control bar of any table, chart, or map and Sysdig Monitor will pre-populate the information and any segmentation you have for that particular view into the New Alert configuration screen (shown below).
If you see the Configure Alert action button - and correspondingly a shaded bell icon - an alert has already been configured for that instance/group and clicking either the button or shaded bell will bring you to the Alerting tab’s Configure Alerts screen. A filter will be automatically applied in the Configure Alerts screen to show you all existing alerts for the instance/group.
Learn more about alerts and notifications in the Alerting Tab section.