Sysdig vs DTrace vs Strace: a Technical Discussion

First off, let me start with a big thank you to all of you for your interest in sysdig! We have been overwhelmed by the positive response from the community, and by the quality of the comments, questions, and contributions we’re receiving.

For the uninitiated, sysdig is a system-level exploration and troubleshooting tool for Linux with native support for containers. In this post, I want to try to answer two important and recurring questions we’ve received:

  1. “How does sysdig work?”
  2. “How is this different from the plethora of tools already available to analyze a Linux system or the processes that run on top of it (SystemTap, LTTng, DTrace, strace, ktap, to name a few of them)?”

I’ll address both questions by providing a technical breakdown of sysdig’s architecture. But before doing that, let’s look at two very well-known tools: strace and DTrace.