Recently I started using sysdig in the wild.
I installed it; however, it did not have a dedicated systemd service.
In my production environment it needs to run with --unbuffered and has to append to a file rather than run with the -w flag.
I created the systemd service for it as follows:
[root@nfsec]# cat /etc/systemd/system/sysdig.service
[Unit]
Description=sysdig Service
After=network.target
[Service]
Type=simple
User=root
ExecStart=/bin/bash -c '/usr/bin/sysdig --unbuffered -c spy_users >>/mnt/nfs/sysdump/sysdump/owncloud.nfsec.co.uk.scap'
Restart=on-abort
[Install]
WantedBy=multi-user.target
systemctl daemon-reload
systemctl enable sysdig
[root@nfsec ~]# service sysdig start
Redirecting to /bin/systemctl start sysdig.service
[root@nfsec ~]# service sysdig status
Redirecting to /bin/systemctl status sysdig.service
● sysdig.service - sysdig Service
Loaded: loaded (/etc/systemd/system/sysdig.service; enabled; vendor preset: disabled)
Active: active (running) since Thu 2017-01-26 10:19:36 GMT; 3s ago
Main PID: 29252 (bash)
CGroup: /system.slice/sysdig.service
├─29252 /bin/bash -c /usr/bin/sysdig --unbuffered -c spy_users >>/mnt/dump/nfsec.scap
└─29253 /usr/bin/sysdig --unbuffered -c spy_users
Jan 26 10:19:36 nfsec systemd[1]: Started sysdig Service.
Jan 26 10:19:36 nfsec systemd[1]: Starting sysdig Service...
--lo3k
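
An alternative form of the unit above, as an added example that is not part of the original post: on systemd 240 or later, StandardOutput=append: makes systemd open the output file in append mode, so the bash -c wrapper is not needed and the service's main PID is sysdig itself rather than bash. RequiresMountsFor= is included on the assumption that /mnt/nfs/sysdump/sysdump is a network mount that has to be up before sysdig starts writing.

```ini
# /etc/systemd/system/sysdig.service
# Added example, not the post author's unit. Requires systemd >= 240
# for the "append:" form of StandardOutput=.

[Unit]
Description=sysdig Service
After=network.target
# Assumption: the output directory is on a mount (for example NFS).
# This orders the service after that mount and makes it depend on it,
# so output is never written to the bare mount point directory.
RequiresMountsFor=/mnt/nfs/sysdump/sysdump

[Service]
Type=simple
User=root
# No shell wrapper: systemd execs sysdig directly, so stop and kill
# signals go to sysdig and not to an intermediate bash process.
ExecStart=/usr/bin/sysdig --unbuffered -c spy_users
# systemd opens the file in append mode and connects it to stdout,
# which replaces the ">>" redirection of the original ExecStart.
StandardOutput=append:/mnt/nfs/sysdump/sysdump/owncloud.nfsec.co.uk.scap
# sysdig's own error messages stay in the journal.
StandardError=journal
Restart=on-abort

[Install]
WantedBy=multi-user.target
```

On systemd versions older than 240 the append: form is not available and the shell redirection from the original unit is still required.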