I set out to install sysdig and have it monitor my system, but there didn't seem to be any good documentation on making it start with the system. There are tons of scattered posts about systemd, init.d, upstart, etc. I figured I'd write up the adventure.
The instructions tell you to do something like this:
curl -s https://s3.amazonaws.com/download.draios.com/stable/install-sysdig | sudo bash
However, I would caution you to always download shell scripts and inspect them before running them, rather than piping them straight from curl into bash.
Writing our service:
It turns out writing a systemd service is quite easy. Here is what I ended up writing for sysdig:
sudo nano /etc/systemd/system/sysdig.service
[Unit]
Description=sysdig Service
After=network-pre.target

[Service]
Type=simple
User=root
ExecStart=/usr/bin/sysdig -s 4096 -G 86400 -W 5 -z -w /var/local/sd/trace.scap.gz
Restart=on-abort

[Install]
WantedBy=multi-user.target
This is a pretty straightforward config from the docs. Here are the definitions of the sysdig flags I used:
-s: Capture the first <len> bytes of each I/O buffer (here 4096). By default, the first 80 bytes are captured. Use this option with caution, it can generate huge trace files.
-G: Rotate the dump file after X seconds (here 86400, i.e. daily)
-W: In conjunction with -G, limits the number of rotated dump files kept (here 5)
-z: Compress the trace files
-w: Write the capture to the given output file (here /var/local/sd/trace.scap.gz)
Enabling the service
sudo systemctl enable sysdig
Now we have a service that is pulled in by multi-user.target at boot and ordered after network-pre.target.
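The steps above, collected into one script, as an added example that is not part of the original post. It writes the unit file exactly as shown, derives the capture directory from the -w argument and creates it with mode 0700 (the trace files hold the first 4096 bytes of every I/O buffer on the box, which can include credentials, so only root should be able to read them), and runs the daemon-reload/enable/start sequence that actually makes the service come up. The staging root argument is my addition so the file-writing part can be dry-run against a scratch directory; the real install uses / and needs root.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): install the sysdig unit from the
# post and prepare its capture directory with restrictive permissions.
# Assumption (not on the page): an optional staging root ($1) lets the
# file-writing functions run against a scratch directory for testing.

set -eu

# The unit file exactly as written in the post.
sysdig_unit() {
  cat <<'EOF'
[Unit]
Description=sysdig Service
After=network-pre.target

[Service]
Type=simple
User=root
ExecStart=/usr/bin/sysdig -s 4096 -G 86400 -W 5 -z -w /var/local/sd/trace.scap.gz
Restart=on-abort

[Install]
WantedBy=multi-user.target
EOF
}

# Extract the directory that the -w argument of ExecStart points at, so the
# service does not fail at start because the directory is missing.
capture_dir_from_unit() {
  local unit_file=$1 exec_line out
  exec_line=$(grep '^ExecStart=' "$unit_file")
  out=$(printf '%s\n' "$exec_line" | sed -n 's/.* -w \([^ ]*\).*/\1/p')
  [ -n "$out" ] || return 1
  dirname "$out"
}

# Write the unit under $root and create the capture directory, mode 0700:
# captured I/O buffers are sensitive, so keep them readable by root only.
install_sysdig_unit() {
  local root=${1:-/}
  local unit_path="$root/etc/systemd/system/sysdig.service"
  mkdir -p "$(dirname "$unit_path")"
  sysdig_unit > "$unit_path"
  chmod 0644 "$unit_path"
  local capdir
  capdir=$(capture_dir_from_unit "$unit_path")
  mkdir -p "$root/$capdir"
  chmod 0700 "$root/$capdir"
  printf '%s\n' "$unit_path"
}

# Checks to run before enabling: the unit runs as root (sysdig needs the
# kernel module) and the capture directory is not group/world accessible.
check_install() {
  local root=${1:-/}
  local unit_path="$root/etc/systemd/system/sysdig.service"
  grep -q '^User=root$' "$unit_path" || return 1
  local capdir mode
  capdir=$(capture_dir_from_unit "$unit_path")
  mode=$(stat -c '%a' "$root/$capdir")
  [ "$mode" = "700" ]
}

# Real install (run as root): writes the unit, then reloads systemd so it
# sees the new file, enables it for boot and starts it now.
if [ "${1:-}" = "--install" ]; then
  install_sysdig_unit /
  check_install /
  systemctl daemon-reload
  systemctl enable --now sysdig
  systemctl status sysdig --no-pager
fi
```

Run it as `sudo ./install-sysdig.sh --install` on the target host; without the flag it only defines the functions, which is what lets the file-writing part be exercised against a scratch root. After the install, `ls -ld /var/local/sd` should show drwx------ owned by root, and `systemctl status sysdig` should show the service active.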