sysdig -cl #chisel
sysdig -l  #filtry
sysdig -L  #eventy


# FORMATOWANIE WYJSCIA i przejscie miedzy katalogami
sysdig -p"user:%user.name dir:%evt.arg.path" evt.type=chdir

sysdig -c echo_fds and proc.name contains nginx

# open i przejscia
sysdig -p"%evt.type %evt.dir %evt.arg.name" evt.type=open


# proces firefox ktory pisze po katalogach ktore w nazwie maja python
sysdig proc.name contains "firefox" and fd.directory contains 'python'


sysdig -p"(%user.name %proc.name %proc.args") evt.type=execve and evt.arg.ptid=bash

sysdig evt.type=accept and proc.name!=apache
sysdig evt.type=open and proc.name=nginx

sysdig evt.type=execve and evt.arg.ptid=bash

sysdig -r sysdig proc.name="php5-fpm" and evt.type!="epoll_wait" and evt.type!="switch"

sysdig proc.name contains php or proc.name contains nginx and evt.type!=switch and evt.type!=epoll_wait