Building sysdig

linuxonz edited this page Oct 13, 2025 · 54 revisions

The following versions of Sysdig are available in the respective distributions at the time these build instructions were created:

  • Ubuntu 22.04 has 0.27.1
  • Ubuntu 24.04 has 0.36.0
  • Ubuntu 25.04 has 0.38.1

The instructions below specify the steps to build Sysdig version 0.40.1 on Linux on IBM Z for the following distributions:

  • RHEL (8.10, 9.4, 9.6)
  • Ubuntu (22.04, 24.04, 25.04)

General Notes:

  • When following the steps below, please use a standard-permission user unless otherwise specified.
  • These instructions refer to a directory /<source_root>/. This is a temporary writable directory that you can place anywhere you like.

1. Build using script

If you want to build Sysdig using manual steps, go to step 2.

Use the following commands to build Sysdig using the build script. Please make sure you have wget installed.

wget https://raw.githubusercontent.com/linux-on-ibm-z/scripts/master/Sysdig/0.40.1/build_sysdig.sh

# Run the build script; add the -t option to run the build with tests
bash build_sysdig.sh

In case of error, check logs for more details or go to Step 2 to follow manual build steps.

2. Install dependencies

export SOURCE_ROOT=/<source_root>/
  • RHEL (8.10, 9.4, 9.6)

    sudo yum install -y wget tar patch gcc gcc-c++ git bpftool clang cmake pkg-config elfutils-libelf-devel kernel-devel-$(uname -r) kmod llvm perl
  • Ubuntu (22.04, 24.04, 25.04)

    sudo apt-get update
    sudo apt-get install -y git g++ linux-headers-generic cmake libelf-dev pkg-config kmod g++-11 clang llvm wget zlib1g patch libssl-dev
    sudo update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-11 11
    sudo update-alternatives --install /usr/bin/g++ g++ /usr/bin/g++-11 11
  • Create the kernel build link if it does not exist:

    # For RHEL
    sudo mkdir -p "/lib/modules/$(uname -r)"
    version=$(sudo yum info kernel-devel | grep Version | awk 'NR==1{print $3}')
    release=$(sudo yum info kernel-devel | grep Release | awk 'NR==1{print $3}')
    echo "$version-$release.s390x"
    if [ ! -e "/lib/modules/$(uname -r)/build" ]; then
        sudo ln -s "/usr/src/kernels/$version-$release.s390x" "/lib/modules/$(uname -r)/build"
    fi

    # For Ubuntu
    sudo mkdir -p "/lib/modules/$(uname -r)"
    version=$(ls /usr/src/ | grep generic | tail -1)
    if [ ! -e "/lib/modules/$(uname -r)/build" ]; then
        sudo ln -s "/usr/src/$version" "/lib/modules/$(uname -r)/build"
    fi
    
  • Install bpftool (For Ubuntu only)

    cd $SOURCE_ROOT
    git clone --recurse-submodules https://github.com/libbpf/bpftool.git
    cd bpftool && cd src
    make
    sudo make install

3. Download source code

cd $SOURCE_ROOT
git clone -b 0.40.1 https://github.com/draios/sysdig.git
cd sysdig
mkdir build

4. Configure, build and install Sysdig

4.1. Configure

  • RHEL 8.10

    cd $SOURCE_ROOT/sysdig/build
    cmake -DCREATE_TEST_TARGETS=ON -DUSE_BUNDLED_DEPS=ON -DBUILD_SYSDIG_MODERN_BPF=OFF -DSYSDIG_VERSION=0.40.1 ..
    sed -i '92s/-DCARES_SHARED=/-DCARES_SHARED= -DCMAKE_INSTALL_LIBDIR=lib/' CMakeFiles/c-ares.dir/build.make
  • RHEL (9.4, 9.6)

    cd $SOURCE_ROOT/sysdig/build
    
    #For RHEL 9.6 only
    sed -i 's,8.0.0+driver,8.1.0+driver,g' $SOURCE_ROOT/sysdig/cmake/modules/driver.cmake 
    sed -i 's,f35990d6a1087a908fe94e1390027b9580d4636032c0f2b80bf945219474fd6b,182e6787bf86249a846a3baeb4dcd31578b76d4a13efa16ce3f44d66b18a77a6,g' $SOURCE_ROOT/sysdig/cmake/modules/driver.cmake
    
    cmake -DCREATE_TEST_TARGETS=ON -DUSE_BUNDLED_DEPS=ON -DSYSDIG_VERSION=0.40.1 ..
    sed -i '92s/-DCARES_SHARED=/-DCARES_SHARED= -DCMAKE_INSTALL_LIBDIR=lib/' CMakeFiles/c-ares.dir/build.make 
  • Ubuntu (22.04, 24.04, 25.04)

    cd $SOURCE_ROOT/sysdig/build
    
    #For Ubuntu 25.04 only
    sed -i 's,8.0.0+driver,8.1.0+driver,g' $SOURCE_ROOT/sysdig/cmake/modules/driver.cmake
    sed -i 's,f35990d6a1087a908fe94e1390027b9580d4636032c0f2b80bf945219474fd6b,182e6787bf86249a846a3baeb4dcd31578b76d4a13efa16ce3f44d66b18a77a6,g' $SOURCE_ROOT/sysdig/cmake/modules/driver.cmake
       
    cmake -DCREATE_TEST_TARGETS=ON -DUSE_BUNDLED_DEPS=ON -DSYSDIG_VERSION=0.40.1 ..
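
sed exits successfully even when its pattern matches nothing, so if driver.cmake changes upstream the driver version and its SHA-256 can end up out of step. The following added example (not part of this wiki's or the Sysdig project's own scripts) classifies the file around the swap; the function names are hypothetical and the version and checksum strings are the ones from the sed commands above.

```bash
#!/usr/bin/env bash
# Added example: verify the driver pin swap from step 4.1 before running cmake.
# Version and checksum strings are copied from the sed commands on this page.
OLD_VER='8.0.0+driver'
NEW_VER='8.1.0+driver'
OLD_SUM='f35990d6a1087a908fe94e1390027b9580d4636032c0f2b80bf945219474fd6b'
NEW_SUM='182e6787bf86249a846a3baeb4dcd31578b76d4a13efa16ce3f44d66b18a77a6'

# The two substitutions from step 4.1, applied to the file given as $1.
apply_driver_swap() {
    sed -i "s,$OLD_VER,$NEW_VER,g" "$1"
    sed -i "s,$OLD_SUM,$NEW_SUM,g" "$1"
}

# Print the pin state of the file in $1; return 0 only when the version and
# the checksum belong together.
#   original = old version + old checksum
#   swapped  = new version + new checksum
#   mixed    = one substitution took effect without the other
#   unknown  = none of the four strings found (the file no longer looks as expected)
driver_pin_state() {
    local file=$1 ov=0 nv=0 os=0 ns=0
    [ -r "$file" ] || { echo missing; return 2; }
    # -F: fixed-string match, so '.' and '+' in the version are literal here
    grep -qF -- "$OLD_VER" "$file" && ov=1
    grep -qF -- "$NEW_VER" "$file" && nv=1
    grep -qF -- "$OLD_SUM" "$file" && os=1
    grep -qF -- "$NEW_SUM" "$file" && ns=1
    case "$ov$nv$os$ns" in
        1010) echo original ;;
        0101) echo swapped ;;
        0000) echo unknown; return 1 ;;
        *)    echo mixed;   return 1 ;;
    esac
}
```

Run `driver_pin_state "$SOURCE_ROOT/sysdig/cmake/modules/driver.cmake"` after the two sed commands; on RHEL 9.6 and Ubuntu 25.04 it should print `swapped`, and on the other listed distributions `original`.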

4.2. Build Sysdig

cd $SOURCE_ROOT/sysdig/build
make
sudo make install

5. Testing (Optional)

  • Some test cases may fail because of the big-endian architecture of s390x. Apply the patch:

    cd $SOURCE_ROOT/sysdig/build/
    wget https://raw.githubusercontent.com/linux-on-ibm-z/scripts/master/Sysdig/0.40.1/patch/sysdig.patch
    patch -p1 < sysdig.patch
    rm -f sysdig.patch
  • To run the whole unit test suite:

    cd $SOURCE_ROOT/sysdig/build/
    make run-unit-test-libsinsp

All the test cases should pass.

6. Insert Sysdig driver module

#Unload any existing module
sudo rmmod scap || true

#Insert Sysdig kernel module
cd $SOURCE_ROOT/sysdig/build/driver/
sudo insmod scap.ko
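
The build link created in step 2 and the module built in step 4 both have to correspond to the running kernel; otherwise the kernel will normally reject scap.ko at insmod. The following is an added pre-load check, not taken from this wiki or the Sysdig project. The function names are hypothetical, and the header paths assume the Ubuntu `/usr/src/linux-headers-<release>` and RHEL `/usr/src/kernels/<release>` layouts used in step 2.

```bash
#!/usr/bin/env bash
# Added example: compare the headers directory and the module's vermagic
# with the running kernel release before loading scap.ko.

# Kernel release that a headers directory belongs to.
headers_release() {
    local dir=${1%/}              # drop a trailing slash
    dir=${dir##*/}                # keep the last path component
    echo "${dir#linux-headers-}"  # Ubuntu prefixes the release; RHEL does not
}

# The first field of a vermagic string is the release the module was built for.
vermagic_release() {
    echo "${1%% *}"
}

# preflight RUNNING_RELEASE HEADERS_DIR VERMAGIC
# Prints every mismatch found and returns non-zero if there is at least one.
preflight() {
    local running=$1 rc=0 hdr mod
    hdr=$(headers_release "$2")
    mod=$(vermagic_release "$3")
    if [ "$hdr" != "$running" ]; then
        echo "build link points at headers for $hdr, running kernel is $running"
        rc=1
    fi
    if [ "$mod" != "$running" ]; then
        echo "scap.ko was built for $mod, running kernel is $running"
        rc=1
    fi
    return "$rc"
}

# On the build host, from $SOURCE_ROOT/sysdig/build/driver/:
#   preflight "$(uname -r)" \
#             "$(readlink -f "/lib/modules/$(uname -r)/build")" \
#             "$(modinfo -F vermagic scap.ko)"
```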

7. Validate installation (optional)

  • Validate Sysdig's version

    sysdig --version

    The output should be:

    sysdig version 0.40.1
  • Validate sysdig and csysdig binaries

    sudo /usr/local/bin/sysdig
    sudo /usr/local/bin/csysdig

Note:

  • Refer to this for more information on running Sysdig as a non-root user.
