Chapter 5. Querying with Sysdig
The previous tools we have looked at have all relied on making API calls to Docker or reading metrics from LXC. Sysdig works differently: it hooks itself into the host machine's kernel. While this approach does go against Docker's philosophy of each service being run in its own isolated container, the information you can get by running Sysdig for only a few minutes far outweighs any arguments against using it.
In this chapter, we will look at the following topics:
- How to install Sysdig and Csysdig on the host machine
- Basic usage and how to query your containers in real time
- How to capture logs so they can be queried later