From 5b115163d38a5dc241577ef5739637027e890cb7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Geyslan=20Greg=C3=B3rio?= Date: Wed, 25 Oct 2023 18:13:08 -0300 Subject: [PATCH] feat(docs): update docs for structured config file This also changes the default config file to be a structured YAML file and adds a new example config file 'global_config_cli.yaml' that uses the CLI format. --- docs/docs/config/kubernetes.md | 14 ++- docs/docs/config/overview.md | 14 ++- examples/config/global_config.yaml | 160 ++++++++++++++++++------- examples/config/global_config_cli.yaml | 21 ++++ 4 files changed, 157 insertions(+), 52 deletions(-) create mode 100644 examples/config/global_config_cli.yaml diff --git a/docs/docs/config/kubernetes.md b/docs/docs/config/kubernetes.md index 80a68ffa0f0b..82e3699aa5fd 100644 --- a/docs/docs/config/kubernetes.md +++ b/docs/docs/config/kubernetes.md @@ -17,20 +17,22 @@ metadata: data: config.yaml: |- cache: - - cache-type=mem - - mem-cache-size=512 + type: mem + size: 512 perf-buffer-size: 1024 - containers: true healthz: false metrics: true pprof: false pyroscope: false listen-addr: :3366 log: - - info + level: info output: - - json - - option:parse-arguments + options: + parse-arguments: true + json: + files: + - stdout ``` ## Customizing diff --git a/docs/docs/config/overview.md b/docs/docs/config/overview.md index 8893c15e2dd5..b3e4f9d44162 100644 --- a/docs/docs/config/overview.md +++ b/docs/docs/config/overview.md @@ -31,6 +31,15 @@ log: - aggregate ``` +Or in a structured format: + +```yaml +log: + level: debug + aggregate: + enabled: true +``` + ## Reserved Flags There are a few flags that are reserved for the CLI and cannot be set through the configuration file. These include: 
@@ -40,8 +49,9 @@ There are a few flags that are reserved for the CLI and cannot be set through th To help you get started with configuring Tracee using the `--config` flag, we've provided two example configuration files in the `examples/config` directory of the Tracee repository: -- `examples/config/global_config.json`: This file contains an example configuration in JSON format. -- `examples/config/global_config.yaml`: This file contains the same example configuration as global_config.json, but in YAML format. +- `examples/config/global_config.yaml`: This file contains an example configuration in YAML format. +- `examples/config/global_config_cli.yaml`: This file contains the same example configuration as global_config.yaml, but using cli flags (not structured). +- `examples/config/global_config.json`: This file contains the same example configuration as global_config_cli.yaml, but in JSON format. These example files demonstrate how you can set various configuration options using the `--config` flag. You can use these files as a starting point for your own configuration, or as a reference for the available configuration options. diff --git a/examples/config/global_config.yaml b/examples/config/global_config.yaml index 25ccf73fc9e0..c57996998528 100644 --- a/examples/config/global_config.yaml +++ b/examples/config/global_config.yaml 
@@ -1,64 +1,136 @@ blob-perf-buffer-size: 1024 cache: - # - none # cache-type={none,mem} - - cache-type=none - # - mem-cache-size=556 -# cache: - # type: mem - # size: 256 + type: none + # size: 1024 + proctree: - # - source=events - source: events - cache: - process: 8192 - thread: 4096 + source: none + # cache: + # process: 8192 + # thread: 4096 + capabilities: - # - bypass=false - # - add=cap_kill,cap_syslog - bypass: true - add: - - cap_sys_admin - - cap_syslog - drop: - - cap_chown + bypass: false + # add: + # - cap_sys_admin + # - cap_syslog + # drop: + # - cap_chown + containers: false crs: - - containerd:/var/run/containerd/containerd.sock - - docker:/var/run/docker.sock - - runtime: - name: containerd - socket: /var/run/containerd/containerd.sock - - runtime: - name: docker - socket: /var/run/docker.sock - + # - runtime: + # name: containerd + # socket: /var/run/containerd/containerd.sock + # - runtime: + # name: docker + # socket: /var/run/docker.sock healthz: false install-path: /tmp/tracee listen-addr: :3366 log: - - info + level: info + # file: "/path/to/log/file.log" + # aggregate: + # enabled: true + # flush-interval: "5s" + # filters: + # libbpf: false + # in: + # msg: + # - SampleMessage1 + # - SampleMessage2 + # pkg: + # - package1 + # - package2 + # file: + # - file1.go + # - file2.go + # level: + # - warn + # - error + # regex: + # - ^pattern1 + # - ^pattern2 + # out: + # msg: + # - ExcludedMessage1 + # pkg: + # - excludedPackage + # file: + # - excludedFile.go + # level: + # - debug + # regex: + # - ^excludedPattern + metrics: false output: - - json - # - webhook:HTTP://localhost:8080?timeout=5s -# output-structured: -# - webhook: -# name: webhook1 -# host: http://localhost -# port: 8000 -# timeout: 5s -# - webhook: -# name: webhook2 -# host: http://localhost -# port: 9000 -# timeout: 5s + json: + files: + - stdout + + # table: + # files: + # - /path/to/table1.out + # - /path/to/table2.out + + # table-verbose: + # files: + # - stdout + + # gob: 
+ # files: + # - /path/to/gob1.out + + # gotemplate: + # template: /path/to/my_template1.tmpl + # files: + # - /path/to/output1.out + # - /path/to/output2.out + + # forward: + # - forward1: + # protocol: tcp + # user: user + # password: pass + # host: 127.0.0.1 + # port: 24224 + # tag: tracee1 + # - forward2: + # protocol: udp + # user: user + # password: pass + # host: 127.0.0.1 + # port: 24225 + # tag: tracee2 + + # webhook: + # - webhook1: + # protocol: http + # host: localhost + # port: 8000 + # timeout: 5s + # - webhook2: + # protocol: http + # host: localhost + # port: 9000 + # timeout: 3s + + # options: + # none: false + # stack-addresses: true + # exec-env: false + # relative-time: true + # exec-hash: false + # parse-arguments: true + # sort-events: false + perf-buffer-size: 1024 pprof: false pyroscope: false rego: - # - partial-eval - - aio # partial-eval: true # aio: true signatures-dir: "" diff --git a/examples/config/global_config_cli.yaml b/examples/config/global_config_cli.yaml new file mode 100644 index 000000000000..31c9c4d75214 --- /dev/null +++ b/examples/config/global_config_cli.yaml @@ -0,0 +1,21 @@ +blob-perf-buffer-size: 1024 +cache: + - none +proctree: + - none +capabilities: [] +containers: false +crs: [] +healthz: false +install-path: /tmp/tracee +listen-addr: :3366 +log: + - info +metrics: false +output: + - json +perf-buffer-size: 1024 +pprof: false +pyroscope: false +rego: [] +signatures-dir: ""
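Review bot: The commented `forward` examples added under `output` in `examples/config/global_config.yaml` show `user: user` and `password: pass` inline with nothing marking them as placeholders, and the `webhook` examples use `protocol: http`. Once someone uncomments and edits these, the config file holds a live credential, and events sent to a non-local receiver would travel unencrypted, so the example should carry the caveat itself. I would add above the `forward` block `# user/password are placeholders; a config holding real credentials should be readable only by the account running tracee`, and above the `webhook` block `# plain http is shown for a local receiver only`. Separately, `crs:` and `rego:` are left with only commented children in this hunk, so they parse as null, while `global_config_cli.yaml` writes `crs: []` and `rego: []`; if the loader treats null differently from empty, an explicit empty value would be safer.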
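Review bot: The new `examples/config/global_config_cli.yaml` hard-codes `install-path: /tmp/tracee` with no caveat, and an example file tends to be copied as is. `/tmp` is world-writable, so a process running with elevated capabilities (the structured example mentions `cap_sys_admin`) that writes its artifacts there relies on no other local user having created that path first; whether Tracee checks the directory's ownership is not visible in this patch. I would add a comment above the key, for example `# example path; in production prefer a directory writable only by the account running tracee`. The same value appears as a context line in `global_config.yaml`, so the comment would fit there too.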