sysdig and Attackers

When a system is compromised, attackers usually erase the syslog and other related log files in order to hide their intrusion activities. Nowadays, an attacker who wants to stay hidden has one more log to erase, namely the sysdig capture. sysdig logs all activity on the system to a capture file, namely *.scap.gz. From that file, a sysadmin can backtrack all the activities of all users (including intruders). For more details on sysdig, you can refer to Draios Blog - Fishing for Hackers: Analysis of a Linux Server Attack. That's all! See you.