Sysdig Continuous Capture with File Rotation
Blog post from Sysdig
Sysdig's release of version 0.1.102 introduces file rotation for continuous capture, a feature that prevents trace files from growing unbounded by automatically splitting them into multiple, manageable files. This enhancement is particularly beneficial for monitoring, troubleshooting, and post-mortem analysis, as it allows users to set simple policies that control how trace data is divided and retained, ultimately limiting disk space usage. Users familiar with tcpdump will find file rotation similar, and sysdig offers flexibility with command-line flags to define file size, timespan, or number of events per file, as well as the number of files to retain. The feature is versatile, supporting various use cases such as capturing application activity before a crash, monitoring commands in a container, or logging specific outputs, and it can also be applied to existing trace files for further data segmentation.
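The rotation and retention policy described above, as an added example that is not from the Sysdig post or the sysdig code base: a small Python model showing which events survive up to a crash and how the policy bounds disk use. The class and function names are hypothetical, the events are constructed, and discarding the oldest file once the retention limit is reached is an assumption of this model.

```python
from collections import deque
from typing import Optional


class RotatingCapture:
    """Toy model of a rotated capture (hypothetical class, not sysdig code)."""

    def __init__(self, max_files: int, max_bytes: Optional[int] = None,
                 max_seconds: Optional[float] = None,
                 max_events: Optional[int] = None):
        self.max_files, self.max_bytes = max_files, max_bytes
        self.max_seconds, self.max_events = max_seconds, max_events
        self.files = deque()  # each file is a list of (timestamp, size, label)

    def _full(self, cur, ts, size) -> bool:
        """True if writing this event would break any configured per-file limit."""
        if not cur:
            return False  # an empty file always accepts at least one event
        if self.max_bytes is not None and sum(e[1] for e in cur) + size > self.max_bytes:
            return True
        if self.max_seconds is not None and ts - cur[0][0] >= self.max_seconds:
            return True
        return self.max_events is not None and len(cur) >= self.max_events

    def write(self, ts: float, size: int, label: str) -> None:
        if not self.files or self._full(self.files[-1], ts, size):
            self.files.append([])
            if len(self.files) > self.max_files:
                self.files.popleft()  # assumption: oldest file is discarded
        self.files[-1].append((ts, size, label))

    def disk_bytes(self) -> int:
        return sum(e[1] for f in self.files for e in f)

    def retained(self) -> list:
        return [e[2] for f in self.files for e in f]


def simulate(**policy) -> RotatingCapture:
    """Feed ten constructed 40-byte events, one per second, ending at the 'crash'."""
    cap = RotatingCapture(**policy)
    for i in range(10):
        cap.write(ts=float(i), size=40, label=f"e{i}")
    return cap


if __name__ == "__main__":
    by_size = simulate(max_files=3, max_bytes=100)
    print(by_size.retained(), by_size.disk_bytes())
```

The retained window always ends at the most recent event, so the policy choice decides how far back before a crash the trace reaches, not whether the crash itself is captured.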