How can I change the agent log level?

This article has been deprecated and moved. Please see the 

new Sysdig documentation.


The Sysdig agent generates log entries in /opt/draios/logs/draios.log. The agent will rotate out the log file when it reaches 10MB in size keeping the 10 most recent log files archived with a date-stamp appended to the filename.

The default logging level of the Sysdig agent creates an entry for each aggregated metrics transmission to the backend servers once per second in addition to entries for any warnings and errors.

The type and amount of logging can be changed by adding parameters and log level arguments shown below to the agent's user settings configuration file here:


After editing the yaml file, restart the agent at the shell with: service dragent restart  to affect changes.


For more information on adding parameters to a container agent's configuration file, see the FAQ: How-can-I-edit-the-agents-configuration-file?


File Log Level

When troubleshooting agent behavior, increase the logging to debug for full detail:

  file_priority: debug 

If you wish to reduce log messages going to the /opt/draios/logs/draios.log file, add the log: parameter with one of the following arguments under it and indented two spaces: [ none | error | warning | info | debug | trace ]

  file_priority: error


Container Console Logging

If you are running the containerized agent, you can also reduce container console output by adding the additional parameter console_priority: with the same arguments [ none | error | warning | info | debug | trace ]

console_priority: warning


Note that troubleshooting a host with less than the default 'info' level will be more difficult or not possible. You should revert to 'info' when you are done troubleshooting the agent.  

A level of 'error' will generate the fewest log entries, a level of 'trace' will give the most, 'info' is the default if no entry exists.


Example dragent.yaml config file:

customerid: 831f3-Your-Access-Key-9401
tags: local:sf,acct:eng,svc:websvr
file_priority: warning
console_priority: info


Docker run command

If you are using the "ADDITIONAL_CONF" parameter to start a Docker containerized agent, you would specify this entry in the Docker run command:  

-e ADDITIONAL_CONF="log:\n  file_priority: error\n  console_priority: none"


Kubernetes Infrastructure

When running in a Kubernetes infrastructure (via daemonsets), comment in the "ADDITIONAL_CONF" line in the agent 'sysdig-daemonset.yaml' manifest file and modify as needed:

- name: ADDITIONAL_CONF #OPTIONAL pass additional parameters to the agent
  value: "log:\n file_priority: debug\n console_priority: error"


For help on editing the agent's configuration file please see this FAQ:


Have more questions? Submit a request