Skip to content

Commit

Permalink
added docs to traceectl flags
Browse files Browse the repository at this point in the history
  • Loading branch information
@ShohamBit
ShohamBit committed Dec 3, 2024
1 parent 70e1142 commit 951073f
Show file tree
Hide file tree
Showing 4 changed files with 105 additions and 10 deletions.
29 changes: 29 additions & 0 deletions docs/docs/traceectl/flags/format.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,29 @@
# `format` Flag

The `--format` flag in **TraceeCtl** is used to specify the output format for certain commands. Currently, this flag supports the following values for the `stream`, `event list`, and `event describe` commands:

- **`json`**: Outputs the data in JSON format, which is useful for automated processing or integration with other tools that consume JSON.

Example:

```sh
traceectl event list --format json
```

In this example, the command lists all available events and outputs them in JSON format.

- **`table`**: Outputs the data in a tabular format, which is easier to read for users viewing the output directly in the terminal.

Example:

```sh
traceectl stream --format table
```

In this example, the command streams events from Tracee and displays them in a table format, making it more human-readable.

The `--format` flag is helpful for customizing the output to meet different requirements, whether for readability or integration with other tools.

## Default Format

The default format for the `--format` flag is **table**. If no format is specified, the output will be displayed in a tabular format, which is more human-readable for most users.
23 changes: 23 additions & 0 deletions docs/docs/traceectl/flags/output.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,23 @@
# `output` Flag

The `--output` flag is used to specify the destination for the command's output. This flag can be set to **stdout** or a file location.

- **stdout**: This is the default output destination, which means that the command's output will be displayed on the terminal. This is convenient for users who want to see immediate results directly in their console.

Example:

```sh
traceectl stream --output stdout
```

In this example, the command outputs the streamed events to the terminal.

- **File Output**: You can use the `--output` flag to direct the output to a specific file. This is useful if you want to save the output for later analysis or for documentation purposes.

Example:

```sh
traceectl stream --output file:/path/to/output.txt
```

In this example, the command saves the streamed events to the file located at `/path/to/output.txt`. This is especially helpful for logging purposes or when working with large amounts of data that need to be stored for further processing.
23 changes: 23 additions & 0 deletions docs/docs/traceectl/flags/server.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,23 @@
# `server` Flag

The `--server` flag in **TraceeCtl** is used to specify the connection type that TraceeCtl should use to communicate with the Tracee server. This connection type can be either **Unix socket** or **TCP**.

- **Unix Socket**: This type of connection is generally used for local inter-process communication. It provides a secure and efficient means to connect to Tracee when both client and server are on the same machine.

Example:

```sh
traceectl --server unix:/unix/socket/path.sock
```

In this example, `unix:/unix/socket/path.sock` is the Unix socket path where the Tracee server is listening. Using Unix sockets is beneficial for security and performance since it avoids the overhead associated with network communication.

- **TCP**: This type of connection allows TraceeCtl to communicate with the Tracee server over a network. It is useful when TraceeCtl and Tracee are running on different machines or when you need to connect to a remote Tracee instance.

Example:

```sh
traceectl --server tcp:4466
```

In this example, `tcp:4466` is the address and port of the Tracee server. This is a typical setup for remote monitoring or when the server and client need to be distributed across different hosts.
40 changes: 30 additions & 10 deletions docs/docs/traceectl/usage.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,16 +4,16 @@

To use **TraceeCtl**, you first need to compile and install the tool. Follow these steps to get started:

1. **Clone the Repository**
### 1. **Clone the Repository**

Begin by cloning the Tracee repository to your local machine and navigating to traceectl:

``` bash
git clone [URL-to-your-repo](https://github.com/aquasecurity/tracee.git)
git clone https://github.com/aquasecurity/tracee.git
cd cmd/traceectl
```

2. **Build and Install**
### 2. **Build and Install**

Compile and install TraceeCtl using the following commands:

Expand All @@ -26,15 +26,33 @@ To use **TraceeCtl**, you first need to compile and install the tool. Follow the

To use TraceeCtl effectively, you need to configure Tracee so that it can communicate with TraceeCtl over a Unix socket. This can be done by running Tracee with the correct gRPC settings:

1. **Run Tracee with gRPC Unix Socket**
### 1. **Run Tracee with gRPC Unix Socket**

Use the following command to start Tracee with gRPC support over a Unix socket:
Use the following command to start Tracee with gRPC support over a Unix socket:

``` bash
tracee --grpc-listen-addr unix:/var/run/tracee.sock
```
``` bash
tracee --grpc-listen-addr unix:/var/run/tracee.sock
```

This command sets up Tracee to listen for incoming connections from TraceeCtl at the specified Unix socket path (`/var/run/tracee.sock`). Ensure that this socket path is accessible and not blocked by permissions or other constraints.

### 2. **Output Flag Configuration**

The `--output` flag in Tracee allows you to configure how data from Tracee is presented. Among the available options, you can specify `none` for minimal output, which can be useful for scenarios where bandwidth or latency considerations are critical. For example:

This command sets up Tracee to listen for incoming connections from TraceeCtl at the specified Unix socket path (`/var/run/tracee.sock`). Ensure that this socket path is accessible and not blocked by permissions or other constraints.
``` bash
tracee --output none
```

#### Why Use `--output none`?

- **Reduced Bandwidth Usage:** By suppressing output, you can minimize the data transferred over the Unix socket, which is especially helpful in environments with limited resources.
- **Lower Latency:** With no data formatting or transmission overhead, the interaction between TraceeCtl and Tracee becomes faster.

Use this mode for performance testing, silent monitoring, or when integrating TraceeCtl with other systems that handle data processing separately.

This command sets up Tracee to listen for incoming connections from TraceeCtl at the specified Unix socket path (`/var/run/tracee.sock`).
Ensure that this socket path is accessible and not blocked by permissions or other constraints.

## Usage

Expand All @@ -48,7 +66,7 @@ Once TraceeCtl is installed and Tracee is running, you can use various commands

- Check Version: traceectl version

For more inf about the TraceeCtl command please refer to the appoint command documentation
For more info about the TraceeCtl command please refer to the appoint command documentation

## Flags

Expand All @@ -64,6 +82,8 @@ For more inf about the TraceeCtl command please refer to the appoint command doc
traceectl stream --output file:/path/to/output.txt
```

For more info about the TraceeCtl flags please refer to the appoint flag documentation

## Summary

- **Install TraceeCtl** by cloning the repository, building, and installing it with `make`.
Expand Down

0 comments on commit 951073f

Please sign in to comment.