
Building sysdig

linuxonz edited this page Jul 15, 2024 · 47 revisions

Building Sysdig

The following versions of Sysdig are available in the respective distributions at the time these build instructions were created:

  • Ubuntu 20.04 has 0.26.4
  • Ubuntu 22.04 has 0.27.1
  • Ubuntu 23.10 has 0.32.0
  • Ubuntu 24.04 has 0.36.0

The instructions below specify the steps to build Sysdig version 0.36.1 on Linux on IBM Z for the following distributions:

  • RHEL (7.8, 7.9, 8.8, 8.9, 9.2, 9.3)
  • Ubuntu (20.04, 22.04, 23.10, 24.04)

General Notes:

  • When following the steps below, use a standard-permission user unless otherwise specified.
  • These instructions refer to a directory /<source_root>/. This is a temporary writable directory that you can place anywhere you like.

Step 1: Build using script

If you want to build Sysdig using manual steps, go to Step 2.

Use the following commands to build Sysdig using the build script. Please make sure you have wget installed.


# Run bash 
bash  [Provide -t option for executing build with tests] 

In case of error, check logs for more details or go to Step 2 to follow manual build steps.

Step 2: Install dependencies

export SOURCE_ROOT=/<source_root>/
  • RHEL (7.8, 7.9)

    sudo yum install -y perl-IPC-Cmd devtoolset-11-gcc devtoolset-11-gcc-c++ devtoolset-11-binutils rh-git227-git.s390x pkgconfig kernel-devel kmod perl
    # Switch to GCC 11
    export PATH=/opt/rh/devtoolset-11/root/usr/bin:/usr/local/bin:$PATH
    # Enable git 2.27
    source /opt/rh/rh-git227/enable
  • RHEL (8.8, 8.9, 9.2, 9.3)

    sudo yum install -y gcc gcc-c++ git cmake pkg-config elfutils-libelf-devel kernel-devel-$(uname -r) kmod perl
  • Ubuntu (20.04, 22.04)

    sudo apt-get update
    sudo apt-get install -y git g++ linux-headers-generic cmake libelf-dev pkg-config kmod
  • Ubuntu (23.10, 24.04)

    sudo apt-get update
    sudo apt-get install -y git g++ linux-headers-generic cmake libelf-dev pkg-config kmod g++-11
    sudo update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-11 11
    sudo update-alternatives --install /usr/bin/g++ g++ /usr/bin/g++-11 11
  • Install OpenSSL (Only on RHEL 7.x)

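    # --no-check-certificate disables TLS certificate validation for this download,
    # so compare the tarball against the publisher's checksum before building it.
    wget --no-check-certificate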
    tar -xzf openssl-1.1.1l.tar.gz
    cd openssl-1.1.1l
    ./config --prefix=/usr/local --openssldir=/usr/local
    sudo make install
    sudo mkdir -p /usr/local/etc/openssl
    sudo wget --no-check-certificate -P /usr/local/etc/openssl
    export LD_LIBRARY_PATH
    export SSL_CERT_FILE=/usr/local/etc/openssl/cacert.pem
  • Install CMake v3.20.3 (Only on RHEL 7.x)

    wget --no-check-certificate
    tar -xvzf cmake-3.20.3.tar.gz
    cd cmake-3.20.3
    # Generate the Makefile first; a fresh CMake source tree has none
    ./bootstrap
    sudo make install
    cmake --version

Step 3: Download source code

git clone
cd sysdig
git checkout 0.36.1
mkdir build

# On RHEL 9.x and Ubuntu 24.04, the drivers need to be upgraded because of kernel issues
sed -i 's,7.0.0+driver,7.1.0+driver,g' $SOURCE_ROOT/sysdig/cmake/modules/driver.cmake
sed -i 's,9f2a0f14827c0d9d1c3d1abe45b8f074dea531ebeca9859363a92f0d2475757e,ec493d549d7dc6d9a5534e91e0350aa06827f91c7119818d88c22e8a2820f416,g' $SOURCE_ROOT/sysdig/cmake/modules/driver.cmake
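
The two sed commands above swap the driver version and the 64-character hex digest in driver.cmake, and sed exits 0 even when a pattern matches nothing. The script below is an added example (not part of the original instructions or of the Sysdig project) that applies the same substitution only when both old values are present and then judges the result by the file's final content. The function names, the sample file layout and the DRIVER_VERSION / DRIVER_CHECKSUM variable names are assumptions.

```shell
#!/bin/sh
# Added example: apply the Step 3 driver re-pin and fail closed if it did not take effect.
OLD_VER='7.0.0+driver'
NEW_VER='7.1.0+driver'
OLD_SHA='9f2a0f14827c0d9d1c3d1abe45b8f074dea531ebeca9859363a92f0d2475757e'
NEW_SHA='ec493d549d7dc6d9a5534e91e0350aa06827f91c7119818d88c22e8a2820f416'

# has FILE STRING: true if FILE contains STRING literally (no regex interpretation).
has() { grep -qF -- "$2" "$1"; }

# repin_driver FILE: 0 = file carries the new pair, 1 = unexpected pins, 2 = I/O error.
repin_driver() {
    f=$1
    [ -f "$f" ] || { echo "repin: $f not found" >&2; return 2; }
    if has "$f" "$OLD_VER" && has "$f" "$OLD_SHA"; then
        # Rewrite through a temp file so a failed sed cannot truncate the original.
        tmp=$(mktemp) || return 2
        sed -e "s,$OLD_VER,$NEW_VER,g" -e "s,$OLD_SHA,$NEW_SHA,g" "$f" > "$tmp" \
            && cat "$tmp" > "$f" || { rm -f "$tmp"; return 2; }
        rm -f "$tmp"
    fi
    # If only one old pin was present the file is left untouched and rejected here,
    # instead of ending up with a new version next to a stale digest.
    if has "$f" "$NEW_VER" && has "$f" "$NEW_SHA" \
        && ! has "$f" "$OLD_VER" && ! has "$f" "$OLD_SHA"; then
        return 0
    fi
    echo "repin: $f does not carry the expected version/hash pair" >&2
    return 1
}

# Constructed stand-in for cmake/modules/driver.cmake (variable names are assumptions).
make_sample() {  # make_sample FILE VERSION SHA
    printf 'set(DRIVER_VERSION "%s")\nset(DRIVER_CHECKSUM "SHA256=%s")\n' "$2" "$3" > "$1"
}

# Demo on the constructed sample; prints the re-pinned file.
demo() {
    d=$(mktemp -d) || return 2
    make_sample "$d/driver.cmake" "$OLD_VER" "$OLD_SHA"
    repin_driver "$d/driver.cmake"; status=$?
    cat "$d/driver.cmake"; rm -rf "$d"
    return "$status"
}

# With a path argument, re-pin that file; with none, run the demo.
if [ $# -gt 0 ]; then repin_driver "$1"; else demo; fi
```

Called with $SOURCE_ROOT/sysdig/cmake/modules/driver.cmake as its argument, it returns non-zero before the build starts if the checked-out file does not contain the pins these instructions expect.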

Step 4: Configure, build and install Sysdig

Step 4.1: Configure

cd $SOURCE_ROOT/sysdig/build

Step 4.2: Build Sysdig

cd $SOURCE_ROOT/sysdig/build
sed -i 's,,,g' ./c-ares-prefix/src/c-ares-stamp/download-c-ares.cmake
sed -i 's,,,g' ./falcosecurity-libs-repo/falcosecurity-libs-prefix/src/falcosecurity-libs/cmake/modules/cares.cmake
sudo make install

Step 5: Insert Sysdig driver module

# Unload any existing module
sudo rmmod scap || true

# Insert Sysdig kernel module
cd $SOURCE_ROOT/sysdig/build/driver/
sudo insmod scap.ko

Step 6: Testing (Optional)

  • To run the whole unit test suite
cd $SOURCE_ROOT/sysdig/build/
make run-unit-test-libsinsp

All the test cases should pass.

Step 7: Validate installation (optional)

  • Validate Sysdig's version

    sysdig --version

    The output should be:

    sysdig version 0.36.1
  • Validate sysdig and csysdig binaries

    sudo /usr/local/bin/sysdig
    sudo /usr/local/bin/csysdig


  • Refer to this for more information on running Sysdig as a non-root user.

