Overview
- Sysdig is a unified data platform that provides a powerful and comprehensive solution for monitoring, security, and troubleshooting in containerized and cloud-native environments. Monitor, secure, and troubleshoot your hosts, Kubernetes clusters, and workloads.
- Sysdig Secure enables teams to secure builds; detect and respond to runtime threats; and continuously manage cloud configurations, permissions, and compliance.
This integration collects logs from Event Forwarding Data Sources listed below:
- Runtime Policy Events
- Activity Audit
- Audit Tap
Troubleshooting
If you see a Permission denied error while port binding in the Agent logs, follow the instructions below:
Binding to a port number under 1024 requires elevated permissions. Follow the instructions below to set this up.
Grant access to the port using the setcap command:
sudo setcap CAP_NET_BIND_SERVICE=+ep /opt/datadog-agent/bin/agent/agent
Verify the setup is correct by running the getcap command:
sudo getcap /opt/datadog-agent/bin/agent/agent
With the expected output:
/opt/datadog-agent/bin/agent/agent = cap_net_bind_service+ep
Note: Re-run this setcap command every time you upgrade the Agent.
Restart the Agent.
If a firewall is enabled, make sure it allows traffic on the configured port.
If you see a Port <PORT-NO> Already in Use error, follow the instructions below (the example given is for PORT-NO = 514):
On systems with Syslog, if the Agent is listening for Sysdig logs on port 514, the following error can appear in the Agent logs: Can’t start UDP forwarder on port 514: listen udp :514: bind: address already in use.
This happens because Syslog listens on port 514 by default. To resolve this error, either disable Syslog or configure the Agent to listen on an available port that is not occupied by another service.
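The two bind failures described above can be told apart before restarting the Agent. The script below is an added example, not part of the integration or of Datadog's tooling: it takes getcap and `ss -H -lun` output and reports whether the port is already taken or the capability is missing. It assumes the Agent runs as a non-root user and listens on UDP, as in the error message above; the function names, sample lines and file name are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify an Agent port-bind failure from getcap and ss output.
AGENT_BIN=/opt/datadog-agent/bin/agent/agent   # binary path used on this page

# Constructed sample inputs (not captured from a real host).
SAMPLE_CAP_OK="$AGENT_BIN = cap_net_bind_service+ep"
SAMPLE_SS_SYSLOG='UNCONN 0 0 0.0.0.0:514 0.0.0.0:* users:(("rsyslogd",pid=812,fd=6))'
SAMPLE_SS_FREE='UNCONN 0 0 127.0.0.1:8125 0.0.0.0:*'

# Ports below 1024 need CAP_NET_BIND_SERVICE for a non-root process.
is_privileged_port() { [ "$1" -lt 1024 ]; }

# $1 = getcap output. Accepts "file = cap+ep" (format shown on this page) and
# "file cap=ep" (newer libcap); requires the effective and permitted flags.
has_bind_cap() {
    printf '%s\n' "$1" |
        grep -Eq "^${AGENT_BIN} (= )?[^ ]*cap_net_bind_service[^ ]*[+=]ei?p"
}

# $1 = output of `ss -H -lun`, $2 = port. True when some UDP socket is already
# bound to that port, for example a syslog daemon on 514.
udp_port_taken() {
    printf '%s\n' "$1" | awk -v p=":$2" '
        { for (i = 1; i <= NF; i++)
              if (substr($i, length($i) - length(p) + 1) == p) found = 1 }
        END { exit !found }'
}

# $1 = port, $2 = getcap output, $3 = ss output. Prints one verdict.
diagnose() {
    if udp_port_taken "$3" "$1"; then
        echo port-in-use          # stop the other service or choose a free port
    elif is_privileged_port "$1" && ! has_bind_cap "$2"; then
        echo missing-capability   # re-run setcap (required after each upgrade)
    else
        echo ok
    fi
}

# Live use (hypothetical file name): sh check_bind.sh --live 514
# Run it while the Agent is stopped; a running Agent's own listener would be
# reported as port-in-use.
if [ "${1:-}" = "--live" ]; then
    diagnose "$2" "$(getcap "$AGENT_BIN" 2>/dev/null)" "$(ss -H -lun 2>/dev/null)"
fi
```

A port of 1024 or higher needs no file capability at all, which keeps the Agent binary free of extra privileges and survives upgrades.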
Support
For support or feature requests, contact Crest Data through the following channels:
This application is made available through the Datadog Marketplace and is supported by a Datadog Technology Partner. To use it, purchase this application in the Marketplace.