added basic documantion for traceectl

ShohamBit · ShohamBit · commit 0db47c27177f · 2024-11-28T14:11:00.000Z
diff --git a/docs/docs/traceectl/index.md b/docs/docs/traceectl/index.md
@@ -0,0 +1,15 @@
+# TraceeCtl - Client Service for Tracee
+
+**TraceeCtl** is a command-line interface (CLI) tool designed as a client service for [Tracee](https://github.com/aquasecurity/tracee), Aqua Security's open-source runtime security solution. Tracee provides real-time, powerful observability for Linux environments by monitoring system calls, events, and more. TraceeCtl is built to simplify interactions with Tracee, making it easier for users to manage, monitor, and gather security insights.
+
+## Overview
+
+TraceeCtl acts as a controller for Tracee, allowing users to:
+
+- **Stream Events**: Continuously stream security events from Tracee, with options to format the output as JSON, tables, or custom templates.
+- **List Available Events**: Display the available events that Tracee can capture, providing essential insights into runtime activities.
+- **Query Metrics**: Access various metrics related to Tracee, including event counts, errors, and more.
+
+## Installation and Usage
+
+To get started with TraceeCtl, go over the [Installation and Usage page](./usage.md)
diff --git a/docs/docs/traceectl/usage.md b/docs/docs/traceectl/usage.md
@@ -0,0 +1,71 @@
+# TraceeCtl Installation and Usage Guide
+
+## Installation
+
+To use **TraceeCtl**, you first need to compile and install the tool. Follow these steps to get started:
+
+1. **Clone the Repository**
+
+   Begin by cloning the Tracee repository to your local machine and navigating to traceectl:
+
+   ``` bash
+   git clone [URL-to-your-repo](https://github.com/aquasecurity/tracee.git)
+   cd cmd/traceectl
+   ```
+
+2. **Build and Install**
+
+   Compile and install TraceeCtl using the following commands:
+
+   ``` bash
+   make build
+   make install
+   ```
+
+## Configuring Tracee for TraceeCtl
+
+To use TraceeCtl effectively, you need to configure Tracee so that it can communicate with TraceeCtl over a Unix socket. This can be done by running Tracee with the correct gRPC settings:
+
+1. **Run Tracee with gRPC Unix Socket**
+
+   Use the following command to start Tracee with gRPC support over a Unix socket:
+
+   ``` bash
+   tracee --grpc-listen-addr unix:/var/run/tracee.sock
+   ```
+
+   This command sets up Tracee to listen for incoming connections from TraceeCtl at the specified Unix socket path (`/var/run/tracee.sock`). Ensure that this socket path is accessible and not blocked by permissions or other constraints.
+
+## Usage
+
+Once TraceeCtl is installed and Tracee is running, you can use various commands to interact with Tracee. Below are the main commands provided by TraceeCtl:
+
+- Stream Events: traceectl stream
+
+- Events management: traceectl event
+
+- Retrieve Metrics: traceectl metrics
+
+- Check Version: traceectl version
+
+For more inf about the TraceeCtl command please refer to the appoint command documentation
+
+## Flags
+  
+- server: Specifies the connection type, either unix or tcp.
+
+  ``` bash
+  traceectl --server unix:/unix/socket/path.sock
+  ```
+
+- output: Defines the output destination, such as stdout or a file.
+
+  ``` bash
+  traceectl stream --output file:/path/to/output.txt
+  ```
+
+## Summary
+
+- **Install TraceeCtl** by cloning the repository, building, and installing it with `make`.
+- **Configure Tracee** by running it with the appropriate gRPC Unix socket settings.
+- **Use TraceeCtl** to interact with Tracee via commands like `stream`, `event`, `metrics`, and `version`.
