
Sysdig today donated an open source cloud forensics tool to the Wireshark Foundation that currently oversees the development of a tool used to analyze network protocols.
Launched last year, Stratoshark is based on Falco, a set of open source libraries, repositories and plugins that collect system data which IT teams can then analyze via a graphical user interface (GUI). Falco detects abnormal runtime behavior, and Sysdig now uses it as the foundation of its cloud-native application protection platform (CNAPP). Originally developed by Sysdig, Falco is now being advanced under the auspices of the Cloud Native Computing Foundation (CNCF).
The Wireshark Foundation was set up in 2023 to provide similar oversight over the development of the open source Wireshark tool for analyzing network protocols, which Sysdig acquired in 2022. Stratoshark, in contrast, analyzes system calls made on Linux servers and cloud logs, and is deliberately designed to provide a graphical experience similar to Wireshark's.
Sysdig CTO Loris Degioanni said the overall goal is to present IT teams with a set of easily accessible graphical interfaces through which complex networks and cloud computing environments can be more easily managed.
It's not clear how many organizations are using these tools, but Sysdig notes there are now more than 5 million users participating in events and other activities hosted by the Wireshark Foundation. Sysdig is clearly hoping to establish a symbiotic relationship between Wireshark and Stratoshark to increase adoption of both open source tools. The more IT teams that adopt Stratoshark, the more likely it becomes that they will also consider using the Sysdig CNAPP, and vice versa.
Regardless of the motivation for adopting Stratoshark, it's clear that IT teams are being overwhelmed by the number of servers they need to manage. It's not feasible for organizations to keep expanding the size of their IT teams, so the need for simpler tools that make it easier to resolve issues faster is becoming more pressing. Stratoshark also gives IT teams a tool that is much simpler to deploy than, for example, a more complex observability platform.
In the meantime, the overall size of the IT estate only continues to expand as more servers are added to cloud computing environments, local data centers, and increasingly, the network edge. Each IT team will need to decide for itself how best to manage all those servers, but most issues should be readily identifiable by analyzing system calls and logs.
The challenge, as always, is getting the right tool into the hands of IT professionals at the right time, in a way organizations can afford. In fact, many IT professionals, in the name of self-preservation, will employ open source tools to manage servers regardless of whether those tools are officially sanctioned.
In the meantime, IT teams might want to consider consolidating as many Linux servers as possible on the assumption that the more of them there are, the more likely there will be one or more issues that will need to be resolved at, inevitably, the most inconvenient time possible.