
Sysdig today unveiled Stratoshark, an open source tool that promises to make it simpler to troubleshoot Linux servers using system calls and log data.
Announced at the FOSDEM 2025 conference, Stratoshark makes use of open source Falco libraries, repositories and plugins to collect data that IT teams can then analyze via a graphical user interface (GUI). That GUI provides an experience similar to that of Wireshark, the tool for network administrators that Sysdig acquired in 2022.
Falco is an open source tool for detecting abnormal behavior that Sysdig originally created to drive a cloud-native application protection platform (CNAPP).
Gerald Combs, Stratoshark and Wireshark co-creator and director of open source projects for Sysdig, said Stratoshark essentially extends the reach of Falco to now also troubleshoot Linux servers. Eventually, the goal is to also extend the reach of Stratoshark to other operating systems in addition to providing a command line interface (CLI) option that would make it easier to integrate the tool into automated DevOps workflows.
Sysdig, with the launch of Stratoshark, is trying to provide a tool for troubleshooting Linux servers that is accessible to almost any IT professional, said Combs. Ultimately, Sysdig expects IT professionals to employ Stratoshark and Wireshark together to enable them to correlate server and networking issues, he added.
It's not clear how many organizations are using Falco to improve security, but Sysdig is clearly hoping a symbiotic relationship will be established. The more IT teams that adopt Stratoshark, the more likely it becomes they will also consider using the Sysdig CNAPP, and vice versa.
Regardless of motivation for adopting Stratoshark, it's clear that IT teams are being overwhelmed by the number of servers they need to manage. It's not feasible for organizations to continue to expand the size of their IT teams, so the need for simpler tools that make it easier to resolve issues faster continues to become more pressing. Stratoshark also provides those IT teams with a monitoring tool that is much simpler to deploy than, for example, a more complex observability platform, noted Combs.
Hopefully, there will come a day when servers are much more self-healing than they are today. In the meantime, the overall size of the IT estate only continues to expand as more servers are added to cloud computing environments, local data centers, and increasingly the network edge. Each IT team will need to decide for itself how best to manage all those servers, but most issues should be readily identifiable by analyzing system calls and logs.
The challenge, as always, is getting the right tool in the hands of IT professionals at the right time, in a way organizations can afford. In fact, many IT professionals, in the name of self-preservation, will employ open source tools to manage servers, regardless of whether they are officially sanctioned or not.
In the meantime, IT teams might want to consider consolidating as many Linux servers as possible on the assumption that more of them only increase the probability there will be one or more issues that will need to be resolved at the most inconvenient time possible.