Diffstat (limited to 'gnu/packages/admin.scm')
-rw-r--r--gnu/packages/admin.scm59
1 files changed, 59 insertions, 0 deletions
diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm
index 775083c92c..d1efd6213f 100644
--- a/gnu/packages/admin.scm
+++ b/gnu/packages/admin.scm
@@ -115,6 +115,7 @@
#:use-module (gnu packages c)
#:use-module (gnu packages check)
#:use-module (gnu packages compression)
+ #:use-module (gnu packages cpp)
#:use-module (gnu packages crates-graphics)
#:use-module (gnu packages crates-io)
#:use-module (gnu packages crates-windows)
@@ -5726,6 +5727,64 @@ mediate access to shared devices, such as graphics and input, for applications
that require it.")
(license license:expat)))
+(define-public sysdig
+ ;; Use the latest commit for now, as the latest 0.36.1 release does not yet
+ ;; support the falcosecurity-libs 0.16 API.
+ (let ((commit "598ad292b659425e475e5814d9e92c3c29188480")
+ (revision "0"))
+ (package
+ (name "sysdig")
+ (version (git-version "0.36.1" revision commit))
+ (source (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/draios/sysdig")
+ (commit commit)))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32
+ "0yyins3rb286dfibadfwwp2gwmdj7fsz3pdkpdvx05yvdqfkqds7"))
+ (patches
+ (search-patches "sysdig-shared-falcosecurity-libs.patch"))))
+ (build-system cmake-build-system)
+ (arguments
+ (list #:tests? #f ;no test suite
+ #:configure-flags
+ #~(list "-DUSE_BUNDLED_DEPS=OFF"
+ ;; Already built and part of falcosecurity-libs, but
+ ;; needed for the 'HAS_MODERN_BPF' define.
+ "-DBUILD_SYSDIG_MODERN_BPF=ON"
+ #$(string-append "-DSYSDIG_VERSION=" version))))
+ (native-inputs (list pkg-config))
+ (inputs
+ (list falcosecurity-libs
+ luajit
+ ncurses
+ nlohmann-json
+ yaml-cpp
+ zlib))
+ (home-page "https://github.com/draios/sysdig")
+ (synopsis "System exploration and troubleshooting tool")
+ (description "Sysdig is a simple tool for deep system visibility, with
+native support for containers. It combines features of multiple system
+administration tools such as the @command{strace}, @command{tcpdump},
+@command{htop}, @command{iftop} and @command{lsof} into a single interface.
+The novel architecture of the tool means that the performance impact of the
+tracing on the system is very light, compared to the likes of
+@command{strace}. The @command{sysdig} command has an interface similar to
+@command{strace}, while the @command{csysdig} command is better suited for
+interactive used, and has a user interface similar to @command{htop}.
+
+If you use Guix System, the kernel Linux has @acronym{BPF, Berkeley Packet
+Filter} support, and you should launch this tool using the @samp{--modern-bpf}
+argument of the @command{sysdig} or @command{csysdig} commands. The following
+Bash aliases can be added to your @file{~/.bash_profile} file, for example:
+
+alias sysdig=sudo sysdig --modern-bpf
+alias cysdig=sudo csysdig --modern-bpf
+") ;XXX no @example Texinfo support
+ (license license:asl2.0))))
+
(define-public fail2ban
(package
(name "fail2ban")
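Review bot: The two alias lines in the sysdig description are unquoted, so Bash would read `alias sysdig=sudo sysdig --modern-bpf` as defining `sysdig` to be plain `sudo` and treat the remaining words as alias names to look up; a user who copies it ends up with `sysdig ARGS` running `sudo ARGS` as root. Quote the values with single quotes, which need no escaping inside the Scheme string: `alias sysdig='sudo sysdig --modern-bpf'` and `alias csysdig='sudo csysdig --modern-bpf'`. The second alias is also spelled `cysdig` rather than `csysdig`, and "interactive used" in the preceding paragraph should read "interactive use".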