
Display Filter Reference: Sysdig Event

Protocol field name: sysdig

Versions: 2.0.0 to 4.0.8


| Field name | Description | Type | Versions |
| --- | --- | --- | --- |
| sysdig.cpu_id | CPU ID | Unsigned integer (16 bits) | 2.0.0 to 4.0.8 |
| sysdig.event_len | Event length | Unsigned integer (32 bits) | 2.0.0 to 4.0.8 |
| sysdig.event_type | Event type | Unsigned integer (16 bits) | 2.0.0 to 4.0.8 |
| sysdig.nparams | Number of parameters | Unsigned integer (32 bits) | 3.2.13 to 3.2.18, 3.4.5 to 4.0.8 |
| sysdig.param.accept.fd | fd | Signed integer (64 bits) | 2.0.0 to 3.0.14 |
| sysdig.param.accept.flags | flags | Unsigned integer (32 bits) | 2.0.0 to 4.0.8 |
| sysdig.param.accept.queuelen | queuelen | Unsigned integer (32 bits) | 2.0.0 to 4.0.8 |
| sysdig.param.accept.queuemax | queuemax | Unsigned integer (32 bits) | 2.0.0 to 4.0.8 |
| sysdig.param.accept.queuepct | Accept queue per connection | Unsigned integer (8 bits) | 2.0.0 to 4.0.8 |
| sysdig.param.accept.tuple | tuple | Byte sequence | 2.0.0 to 4.0.8 |
| sysdig.param.access.mode | mode | Byte sequence | 3.2.0 to 3.6.0 |
| sysdig.param.bpf.cmd | cmd | Signed integer (64 bits) | 3.2.0 to 4.0.8 |
| sysdig.param.bpf.res_or_fd | res_or_fd | Byte sequence | 3.2.0 to 4.0.8 |
| sysdig.param.chmod.filename | filename | Character string | 3.6.1 to 4.0.8 |
| sysdig.param.container.id | id | Character string | 2.0.0 to 3.0.14 |
| sysdig.param.container.image | image | Character string | 2.0.0 to 4.0.8 |
| sysdig.param.container.json | json | Character string | 3.2.0 to 4.0.8 |
| sysdig.param.container.type | type | Unsigned integer (32 bits) | 2.0.0 to 4.0.8 |
| sysdig.param.cpu_hotplug.action | action | Unsigned integer (32 bits) | 2.0.0 to 4.0.8 |
| sysdig.param.cpu_hotplug.cpu | cpu | Unsigned integer (32 bits) | 2.0.0 to 4.0.8 |
| sysdig.param.drop.ratio | ratio | Unsigned integer (32 bits) | 2.0.0 to 4.0.8 |
| sysdig.param.epoll_wait.maxevents | maxevents | Byte sequence | 2.0.0 to 4.0.8 |
| sysdig.param.eventfd.initval | initval | Unsigned integer (64 bits) | 2.0.0 to 4.0.8 |
| sysdig.param.execve.args | Program arguments | Character string | 2.0.0 to 4.0.8 |
| sysdig.param.execve.cgroups | cgroups | Byte sequence | 2.0.0 to 4.0.8 |
| sysdig.param.execve.comm | Command | Character string | 2.0.0 to 4.0.8 |
| sysdig.param.execve.cwd | Current working directory | Character string | 2.0.0 to 4.0.8 |
| sysdig.param.execve.env | env | Character string | 2.0.0 to 4.0.8 |
| sysdig.param.execve.exe | exe | Character string | 2.0.0 to 4.0.8 |
| sysdig.param.execve.fdlimit | fdlimit | Unsigned integer (64 bits) | 2.0.0 to 4.0.8 |
| sysdig.param.execve.filename | filename | Character string | 3.2.0 to 3.6.0 |
| sysdig.param.execve.loginuid | loginuid | Signed integer (32 bits) | 3.2.0 to 4.0.8 |
| sysdig.param.execve.pgft_maj | pgft_maj | Unsigned integer (64 bits) | 2.0.0 to 4.0.8 |
| sysdig.param.execve.pgft_min | pgft_min | Unsigned integer (64 bits) | 2.0.0 to 4.0.8 |
| sysdig.param.execve.pid | pid | Byte sequence | 2.0.0 to 3.0.14 |
| sysdig.param.execve.ptid | ptid | Byte sequence | 2.0.0 to 4.0.8 |
| sysdig.param.execve.tid | tid | Byte sequence | 2.0.0 to 4.0.8 |
| sysdig.param.execve.tty | tty | Signed integer (32 bits) | 3.2.0 to 4.0.8 |
| sysdig.param.execve.vm_rss | vm_rss | Unsigned integer (32 bits) | 2.0.0 to 4.0.8 |
| sysdig.param.execve.vm_size | vm_size | Unsigned integer (32 bits) | 2.0.0 to 4.0.8 |
| sysdig.param.execve.vm_swap | vm_swap | Unsigned integer (32 bits) | 2.0.0 to 4.0.8 |
| sysdig.param.fchmod.mode | mode | Byte sequence | 3.6.1 to 4.0.8 |
| sysdig.param.fchmodat.filename | filename | Byte sequence | 3.6.1 to 4.0.8 |
| sysdig.param.fcntl.res | res | Signed integer (64 bits) | 2.0.0 to 4.0.8 |
| sysdig.param.flock.operation | operation | Byte sequence | 2.0.0 to 4.0.8 |
| sysdig.param.futex.op | op | Byte sequence | 2.0.0 to 4.0.8 |
| sysdig.param.futex.val | val | Unsigned integer (64 bits) | 2.0.0 to 4.0.8 |
| sysdig.param.getgid.gid | gid | Byte sequence | 2.0.0 to 4.0.8 |
| sysdig.param.getresgid.egid | egid | Byte sequence | 2.0.0 to 4.0.8 |
| sysdig.param.getresgid.rgid | rgid | Byte sequence | 2.0.0 to 4.0.8 |
| sysdig.param.getresgid.sgid | sgid | Byte sequence | 2.0.0 to 4.0.8 |
| sysdig.param.getresuid.euid | euid | Byte sequence | 2.0.0 to 4.0.8 |
| sysdig.param.getresuid.ruid | ruid | Byte sequence | 2.0.0 to 4.0.8 |
| sysdig.param.getresuid.suid | suid | Byte sequence | 2.0.0 to 4.0.8 |
| sysdig.param.getsockopt.level | level | Byte sequence | 3.2.0 to 4.0.8 |
| sysdig.param.getsockopt.optlen | optlen | Unsigned integer (32 bits) | 3.2.0 to 4.0.8 |
| sysdig.param.getsockopt.optname | optname | Byte sequence | 3.2.0 to 4.0.8 |
| sysdig.param.getsockopt.val | val | Byte sequence | 3.2.0 to 4.0.8 |
| sysdig.param.getuid.uid | uid | Byte sequence | 2.0.0 to 4.0.8 |
| sysdig.param.infra.description | description | Character string | 3.2.0 to 4.0.8 |
| sysdig.param.infra.name | name | Character string | 3.6.1 to 4.0.8 |
| sysdig.param.infra.scope | scope | Character string | 3.2.0 to 4.0.8 |
| sysdig.param.infra.source | source | Character string | 3.2.0 to 4.0.8 |
| sysdig.param.ioctl.argument | I/O control: argument | Unsigned integer (64 bits) | 2.0.0 to 4.0.8 |
| sysdig.param.ioctl.request | I/O control: request | Unsigned integer (64 bits) | 2.0.0 to 4.0.8 |
| sysdig.param.len | Parameter length | Unsigned integer (16 bits) | 2.0.0 to 4.0.8 |
| sysdig.param.lens | Parameter lengths | Byte sequence | 2.0.0 to 4.0.8 |
| sysdig.param.link.newpath | newpath | Character string | 3.6.1 to 4.0.8 |
| sysdig.param.link.oldpath | oldpath | Character string | 3.6.1 to 4.0.8 |
| sysdig.param.linkat.flags | flags | Byte sequence | 3.2.0 to 3.6.0 |
| sysdig.param.linkat.newdir | newdir | Signed integer (64 bits) | 2.0.0 to 4.0.8 |
| sysdig.param.linkat.newpath | newpath | Character string | 3.2.0 to 3.6.0 |
| sysdig.param.linkat.olddir | olddir | Signed integer (64 bits) | 2.0.0 to 4.0.8 |
| sysdig.param.linkat.oldpath | oldpath | Character string | 3.2.0 to 3.6.0 |
| sysdig.param.linkat.res | res | Byte sequence | 3.2.0 to 3.6.0 |
| sysdig.param.listen.backlog | backlog | Unsigned integer (32 bits) | 2.0.0 to 4.0.8 |
| sysdig.param.llseek.whence | whence | Byte sequence | 2.0.0 to 4.0.8 |
| sysdig.param.mkdirat.path | path | Byte sequence | 3.2.0 to 4.0.8 |
| sysdig.param.mmap2.pgoffset | pgoffset | Unsigned integer (64 bits) | 2.0.0 to 4.0.8 |
| sysdig.param.mmap2.prot | prot | Byte sequence | 2.0.0 to 4.0.8 |
| sysdig.param.mmap2.res | res | Unsigned integer (64 bits) | 2.0.0 to 4.0.8 |
| sysdig.param.mount.dev | dev | Character string | 2.0.0 to 4.0.8 |
| sysdig.param.mount.dir | dir | Character string | 2.0.0 to 4.0.8 |
| sysdig.param.mount.type | type | Character string | 2.0.0 to 4.0.8 |
| sysdig.param.munmap.addr | addr | Unsigned integer (64 bits) | 2.0.0 to 3.0.14 |
| sysdig.param.munmap.length | length | Unsigned integer (64 bits) | 2.0.0 to 4.0.8 |
| sysdig.param.nanosleep.interval | interval | Byte sequence | 2.0.0 to 4.0.8 |
| sysdig.param.notification.desc | desc | Character string | 3.2.0 to 4.0.8 |
| sysdig.param.notification.id | id | Character string | 3.2.0 to 4.0.8 |
| sysdig.param.openat.dev | dev | Unsigned integer (32 bits) | 3.2.0 to 4.0.8 |
| sysdig.param.openat.dirfd | dirfd | Signed integer (64 bits) | 3.2.0 to 3.6.0 |
| sysdig.param.openat.fd | fd | Signed integer (64 bits) | 3.2.0 to 3.6.0 |
| sysdig.param.openat.mode | mode | Unsigned integer (32 bits) | 2.0.0 to 3.6.0 |
| sysdig.param.openat.name | name | Character string | 3.2.0 to 3.6.0 |
| sysdig.param.openat2.dirfd | dirfd | Signed integer (64 bits) | 3.6.1 to 4.0.8 |
| sysdig.param.openat2.fd | fd | Signed integer (64 bits) | 3.6.1 to 4.0.8 |
| sysdig.param.openat2.flags | flags | Byte sequence | 3.6.1 to 4.0.8 |
| sysdig.param.openat2.mode | mode | Unsigned integer (32 bits) | 3.6.1 to 4.0.8 |
| sysdig.param.openat2.name | name | Byte sequence | 3.6.1 to 4.0.8 |
| sysdig.param.openat2.resolve | resolve | Byte sequence | 3.6.1 to 4.0.8 |
| sysdig.param.page_fault.addr | addr | Unsigned integer (64 bits) | 3.2.0 to 4.0.8 |
| sysdig.param.page_fault.error | error | Byte sequence | 3.2.0 to 4.0.8 |
| sysdig.param.page_fault.ip | ip | Unsigned integer (64 bits) | 3.2.0 to 4.0.8 |
| sysdig.param.pipe.fd1 | fd1 | Signed integer (64 bits) | 2.0.0 to 4.0.8 |
| sysdig.param.pipe.fd2 | fd2 | Signed integer (64 bits) | 2.0.0 to 4.0.8 |
| sysdig.param.pipe.ino | ino | Unsigned integer (64 bits) | 2.0.0 to 4.0.8 |
| sysdig.param.pluginevent.event_data | event_data | Byte sequence | 3.6.1 to 4.0.8 |
| sysdig.param.pluginevent.plugin_ID | plugin_ID | Unsigned integer (32 bits) | 3.6.1 to 4.0.8 |
| sysdig.param.poll.timeout | timeout | Signed integer (64 bits) | 2.0.0 to 4.0.8 |
| sysdig.param.ppoll.fds | fds | Byte sequence | 2.0.0 to 4.0.8 |
| sysdig.param.ppoll.sigmask | sigmask | Byte sequence | 2.0.0 to 4.0.8 |
| sysdig.param.ppoll.timeout | timeout | Byte sequence | 2.0.0 to 4.0.8 |
| sysdig.param.prlimit.newcur | newcur | Signed integer (64 bits) | 2.0.0 to 4.0.8 |
| sysdig.param.prlimit.newmax | newmax | Signed integer (64 bits) | 2.0.0 to 4.0.8 |
| sysdig.param.prlimit.oldcur | oldcur | Signed integer (64 bits) | 2.0.0 to 4.0.8 |
| sysdig.param.prlimit.oldmax | oldmax | Signed integer (64 bits) | 2.0.0 to 4.0.8 |
| sysdig.param.prlimit.resource | resource | Byte sequence | 2.0.0 to 4.0.8 |
| sysdig.param.procexit.core | core | Unsigned integer (8 bits) | 3.6.1 to 4.0.8 |
| sysdig.param.procexit.ret | ret | Byte sequence | 3.6.1 to 4.0.8 |
| sysdig.param.procexit.status | status | Byte sequence | 2.0.0 to 4.0.8 |
| sysdig.param.procinfo.cpu_sys | cpu_sys | Unsigned integer (64 bits) | 2.0.0 to 4.0.8 |
| sysdig.param.procinfo.cpu_usr | cpu_usr | Unsigned integer (64 bits) | 2.0.0 to 4.0.8 |
| sysdig.param.ptrace.addr | addr | Byte sequence | 2.0.0 to 4.0.8 |
| sysdig.param.ptrace.data | data | Byte sequence | 2.0.0 to 4.0.8 |
| sysdig.param.ptrace.request | request | Byte sequence | 2.0.0 to 4.0.8 |
| sysdig.param.pwritev.pos | pos | Unsigned integer (64 bits) | 2.0.0 to 4.0.8 |
| sysdig.param.pwritev.size | size | Unsigned integer (32 bits) | 2.0.0 to 4.0.8 |
| sysdig.param.quotactl.dqb_bhardlimit | dqb_bhardlimit | Unsigned integer (64 bits) | 2.0.0 to 4.0.8 |
| sysdig.param.quotactl.dqb_bsoftlimit | dqb_bsoftlimit | Unsigned integer (64 bits) | 2.0.0 to 4.0.8 |
| sysdig.param.quotactl.dqb_btime | dqb_btime | Byte sequence | 2.0.0 to 4.0.8 |
| sysdig.param.quotactl.dqb_curspace | dqb_curspace | Unsigned integer (64 bits) | 2.0.0 to 4.0.8 |
| sysdig.param.quotactl.dqb_ihardlimit | dqb_ihardlimit | Unsigned integer (64 bits) | 2.0.0 to 4.0.8 |
| sysdig.param.quotactl.dqb_isoftlimit | dqb_isoftlimit | Unsigned integer (64 bits) | 2.0.0 to 4.0.8 |
| sysdig.param.quotactl.dqb_itime | dqb_itime | Byte sequence | 2.0.0 to 4.0.8 |
| sysdig.param.quotactl.dqi_bgrace | dqi_bgrace | Byte sequence | 2.0.0 to 4.0.8 |
| sysdig.param.quotactl.dqi_flags | dqi_flags | Byte sequence | 2.0.0 to 4.0.8 |
| sysdig.param.quotactl.dqi_igrace | dqi_igrace | Byte sequence | 2.0.0 to 4.0.8 |
| sysdig.param.quotactl.id | id | Unsigned integer (32 bits) | 2.0.0 to 4.0.8 |
| sysdig.param.quotactl.quota_fmt | quota_fmt | Byte sequence | 2.0.0 to 4.0.8 |
| sysdig.param.quotactl.quota_fmt_out | quota_fmt_out | Byte sequence | 2.0.0 to 4.0.8 |
| sysdig.param.quotactl.quotafilepath | quotafilepath | Character string | 2.0.0 to 4.0.8 |
| sysdig.param.quotactl.special | special | Character string | 2.0.0 to 4.0.8 |
| sysdig.param.quotactl.type | type | Byte sequence | 2.0.0 to 4.0.8 |
| sysdig.param.renameat.newdirfd | newdirfd | Signed integer (64 bits) | 2.0.0 to 3.6.0 |
| sysdig.param.renameat.newpath | newpath | Character string | 2.0.0 to 3.0.14 |
| sysdig.param.renameat.olddirfd | olddirfd | Signed integer (64 bits) | 2.0.0 to 3.6.0 |
| sysdig.param.renameat.oldpath | oldpath | Character string | 2.0.0 to 3.0.14 |
| sysdig.param.renameat2.newdirfd | newdirfd | Signed integer (64 bits) | 3.6.1 to 4.0.8 |
| sysdig.param.renameat2.newpath | newpath | Byte sequence | 3.6.1 to 4.0.8 |
| sysdig.param.renameat2.olddirfd | olddirfd | Signed integer (64 bits) | 3.6.1 to 4.0.8 |
| sysdig.param.renameat2.oldpath | oldpath | Byte sequence | 3.6.1 to 4.0.8 |
| sysdig.param.seccomp.op | op | Unsigned integer (64 bits) | 3.2.0 to 4.0.8 |
| sysdig.param.semctl.cmd | cmd | Byte sequence | 2.0.0 to 4.0.8 |
| sysdig.param.semctl.semid | semid | Signed integer (32 bits) | 2.0.0 to 4.0.8 |
| sysdig.param.semctl.semnum | semnum | Signed integer (32 bits) | 2.0.0 to 4.0.8 |
| sysdig.param.semctl.val | val | Signed integer (32 bits) | 2.0.0 to 4.0.8 |
| sysdig.param.semget.key | key | Signed integer (32 bits) | 3.2.0 to 4.0.8 |
| sysdig.param.semget.nsems | nsems | Signed integer (32 bits) | 3.2.0 to 4.0.8 |
| sysdig.param.semget.semflg | semflg | Byte sequence | 3.2.0 to 4.0.8 |
| sysdig.param.semop.nsops | nsops | Unsigned integer (32 bits) | 2.0.0 to 4.0.8 |
| sysdig.param.semop.sem_flg_0 | sem_flg_0 | Byte sequence | 2.0.0 to 4.0.8 |
| sysdig.param.semop.sem_flg_1 | sem_flg_1 | Byte sequence | 2.0.0 to 4.0.8 |
| sysdig.param.semop.sem_num_0 | sem_num_0 | Unsigned integer (16 bits) | 2.0.0 to 4.0.8 |
| sysdig.param.semop.sem_num_1 | sem_num_1 | Unsigned integer (16 bits) | 2.0.0 to 4.0.8 |
| sysdig.param.semop.sem_op_0 | sem_op_0 | Signed integer (16 bits) | 2.0.0 to 4.0.8 |
| sysdig.param.semop.sem_op_1 | sem_op_1 | Signed integer (16 bits) | 2.0.0 to 4.0.8 |
| sysdig.param.sendfile.in_fd | in_fd | Signed integer (64 bits) | 2.0.0 to 4.0.8 |
| sysdig.param.sendfile.offset | offset | Unsigned integer (64 bits) | 2.0.0 to 4.0.8 |
| sysdig.param.sendfile.out_fd | out_fd | Signed integer (64 bits) | 2.0.0 to 4.0.8 |
| sysdig.param.sendfile.size | size | Unsigned integer (64 bits) | 2.0.0 to 4.0.8 |
| sysdig.param.setns.nstype | nstype | Byte sequence | 2.0.0 to 4.0.8 |
| sysdig.param.setpgid.pgid | pgid | Byte sequence | 3.2.0 to 4.0.8 |
| sysdig.param.setpgid.pid | pid | Byte sequence | 3.2.0 to 4.0.8 |
| sysdig.param.setrlimit.cur | cur | Signed integer (64 bits) | 2.0.0 to 4.0.8 |
| sysdig.param.setrlimit.max | max | Signed integer (64 bits) | 2.0.0 to 4.0.8 |
| sysdig.param.shutdown.how | how | Byte sequence | 2.0.0 to 4.0.8 |
| sysdig.param.signaldeliver.dpid | dpid | Byte sequence | 2.0.0 to 4.0.8 |
| sysdig.param.signaldeliver.sig | sig | Byte sequence | 2.0.0 to 4.0.8 |
| sysdig.param.signaldeliver.spid | spid | Byte sequence | 2.0.0 to 4.0.8 |
| sysdig.param.signalfd.mask | mask | Unsigned integer (32 bits) | 2.0.0 to 4.0.8 |
| sysdig.param.socketpair.domain | domain | Byte sequence | 2.0.0 to 4.0.8 |
| sysdig.param.socketpair.peer | peer | Unsigned integer (64 bits) | 2.0.0 to 4.0.8 |
| sysdig.param.socketpair.proto | proto | Unsigned integer (32 bits) | 2.0.0 to 4.0.8 |
| sysdig.param.socketpair.source | source | Unsigned integer (64 bits) | 2.0.0 to 4.0.8 |
| sysdig.param.splice.fd_in | fd_in | Signed integer (64 bits) | 2.0.0 to 4.0.8 |
| sysdig.param.splice.fd_out | fd_out | Signed integer (64 bits) | 2.0.0 to 4.0.8 |
| sysdig.param.switch.next | next | Byte sequence | 2.0.0 to 4.0.8 |
| sysdig.param.symlink.linkpath | linkpath | Character string | 3.6.1 to 4.0.8 |
| sysdig.param.symlinkat.linkdirfd | linkdirfd | Signed integer (64 bits) | 2.0.0 to 4.0.8 |
| sysdig.param.symlinkat.linkpath | linkpath | Byte sequence | 2.0.0 to 4.0.8 |
| sysdig.param.symlinkat.target | target | Character string | 2.0.0 to 4.0.8 |
| sysdig.param.syscall.ID | ID | Byte sequence | 2.0.0 to 4.0.8 |
| sysdig.param.syscall.nativeID | nativeID | Unsigned integer (16 bits) | 2.0.0 to 4.0.8 |
| sysdig.param.sysdigevent.event_data | event_data | Unsigned integer (64 bits) | 2.0.0 to 4.0.8 |
| sysdig.param.sysdigevent.event_type | event_type | Unsigned integer (32 bits) | 2.0.0 to 4.0.8 |
| sysdig.param.timerfd_create.clockid | clockid | Unsigned integer (8 bits) | 2.0.0 to 4.0.8 |
| sysdig.param.tracer.id | id | Signed integer (64 bits) | 3.2.0 to 4.0.8 |
| sysdig.param.tracer.tags | tags | Byte sequence | 3.2.0 to 4.0.8 |
| sysdig.param.umount.flags | flags | Byte sequence | 2.0.0 to 3.0.14 |
| sysdig.param.umount.name | name | Character string | 2.0.0 to 3.0.14 |
| sysdig.param.umount.res | res | Byte sequence | 2.0.0 to 3.0.14 |
| sysdig.param.unlink.path | path | Character string | 2.0.0 to 3.0.14, 3.6.1 to 4.0.8 |
| sysdig.param.unlinkat.dirfd | dirfd | Signed integer (64 bits) | 2.0.0 to 3.0.14 |
| sysdig.param.userfaultfd.res | res | Byte sequence | 3.6.1 to 4.0.8 |
| sysdig.param.vfork.fdlimit | fdlimit | Signed integer (64 bits) | 2.0.0 to 4.0.8 |
| sysdig.param.vfork.gid | gid | Unsigned integer (32 bits) | 2.0.0 to 4.0.8 |
| sysdig.param.vfork.uid | uid | Unsigned integer (32 bits) | 2.0.0 to 4.0.8 |
| sysdig.param.vfork.vpid | vpid | Byte sequence | 2.0.0 to 4.0.8 |
| sysdig.param.vfork.vtid | vtid | Byte sequence | 2.0.0 to 4.0.8 |
| sysdig.thread_id | Thread ID | Unsigned integer (64 bits) | 2.0.0 to 4.0.8 |