On Debian 11 Bullseye, the article walks you through installing Sysdig by first ensuring your system packages are up to date and then adding the official Draios repository with a one‑liner script that also pulls the GPG key. After refreshing apt’s cache, you install the sysdig package, which brings in the binary, dependencies, and eBPF kernel module, and the optional service starts automatically if desired. A quick sanity check is to load the kernel module manually or run `sudo sysdig -c top` to confirm real‑time activity and spot issues such as blocked system calls. Finally, you can tidy up any build tools you used for troubleshooting with an `apt autoremove`.

How to Install Sysdig on Debian 11 Bullseye

If you’re running containers or just want a deeper look at what’s happening inside your Linux kernel, Sysdig gives you a handy lens. This article walks through installing it on Debian 11 “Bullseye” and explains why each step matters.

Prerequisite: Make Sure Your System is Up‑to‑Date

sudo apt update && sudo apt upgrade -y

Updating ensures the base packages are current, which prevents weird dependency hell later. I’ve seen sysdig fail to install when `libc6` or `gcc` are a few releases behind.

Step 1: Add the Sysdig Repository and Key

# Grab the GPG key so apt trusts the packages
wget -qO- https://s3.amazonaws.com/download.draios.com/stable/install-draios.sh | sudo bash

# The script adds the repo to /etc/apt/sources.list.d/sysdig.list

Why this matters: Debian’s default repos don’t ship Sysdig, and installing from source would waste a ton of time. The script fetches both the key and the proper repo for Bullseye in one go.

Step 2: Update Package Index Again

sudo apt update

You’re refreshing apt’s cache to include the new Sysdig packages. Skipping this step will make apt think the repository is empty, and the install will fail.

Step 3: Install Sysdig

sudo apt install sysdig

A single command pulls in everything you need: the binary, its dependencies, and the kernel module that hooks into eBPF. The install script will also enable the `sysdig` service if you want it to start on boot.

Optional: Verify Kernel Module is Loaded

sudo modprobe sysdig

If you’re running a very old kernel, this can fail with “module not found.” In that case you’ll need to upgrade your kernel or compile the module yourself. Most Bullseye users are fine right out of the box.

Test It Out: Run a Quick Capture

sudo sysdig -c top

This opens an interactive view of system calls, similar to `top`. If you see real‑time data, congratulations—you’ve got Sysdig running. I once used it to trace a mysterious “socket timeout” in a Go microservice; the output showed that every request was getting stuck on a single blocked syscall.

Cleanup: Remove Unneeded Packages (Optional)

sudo apt autoremove

If you added any temporary build tools during troubleshooting, this will tidy them up.

That’s it. Sysdig is now ready to help you hunt down performance issues, debug containers, or just satisfy that curiosity about what your kernel is doing under the hood. Give it a spin and let me know if you run into hiccups.