-
Notifications
You must be signed in to change notification settings - Fork 431
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
4 changed files
with
78 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,29 @@ | ||
| # `format` Flag | ||
|
|
||
| The `--format` flag in **TraceeCtl** is used to specify the output format for certain commands. Currently, this flag supports the following values for the `stream`, `event list`, and `event describe` commands: | ||
|
|
||
| - **`json`**: Outputs the data in JSON format, which is useful for automated processing or integration with other tools that consume JSON. | ||
|
|
||
| Example: | ||
|
|
||
| ```sh | ||
| traceectl event list --format json | ||
| ``` | ||
|
|
||
| In this example, the command lists all available events and outputs them in JSON format. | ||
|
|
||
| - **`table`**: Outputs the data in a tabular format, which is easier to read for users viewing the output directly in the terminal. | ||
|
|
||
| Example: | ||
|
|
||
| ```sh | ||
| traceectl stream --format table | ||
| ``` | ||
|
|
||
| In this example, the command streams events from Tracee and displays them in a table format, making it more human-readable. | ||
|
|
||
| The `--format` flag is helpful for customizing the output to meet different requirements, whether for readability or integration with other tools. | ||
|
|
||
| ## Default Format | ||
|
|
||
| The default format for the `--format` flag is **table**. If no format is specified, the output will be displayed in a tabular format, which is more human-readable for most users. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,23 @@ | ||
| # `output` Flag | ||
|
|
||
| The `--output` flag is used to specify the destination for the command's output. This flag can be set to **stdout** or a file location. | ||
|
|
||
| - **stdout**: This is the default output destination, which means that the command's output will be displayed on the terminal. This is convenient for users who want to see immediate results directly in their console. | ||
|
|
||
| Example: | ||
|
|
||
| ```sh | ||
| traceectl stream --output stdout | ||
| ``` | ||
|
|
||
| In this example, the command outputs the streamed events to the terminal. | ||
|
|
||
| - **File Output**: You can use the `--output` flag to direct the output to a specific file. This is useful if you want to save the output for later analysis or for documentation purposes. | ||
|
|
||
| Example: | ||
|
|
||
| ```sh | ||
| traceectl stream --output file:/path/to/output.txt | ||
| ``` | ||
|
|
||
| In this example, the command saves the streamed events to the file located at `/path/to/output.txt`. This is especially helpful for logging purposes or when working with large amounts of data that need to be stored for further processing. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,23 @@ | ||
| # `server` Flag | ||
|
|
||
| The `--server` flag in **TraceeCtl** is used to specify the connection type that TraceeCtl should use to communicate with the Tracee server. This connection type can be either **Unix socket** or **TCP**. | ||
|
|
||
| - **Unix Socket**: This type of connection is generally used for local inter-process communication. It provides a secure and efficient means to connect to Tracee when both client and server are on the same machine. | ||
|
|
||
| Example: | ||
|
|
||
| ```sh | ||
| traceectl --server unix:/unix/socket/path.sock | ||
| ``` | ||
|
|
||
| In this example, `unix:/unix/socket/path.sock` is the Unix socket path where the Tracee server is listening. Using Unix sockets is beneficial for security and performance since it avoids the overhead associated with network communication. | ||
|
|
||
| - **TCP**: This type of connection allows TraceeCtl to communicate with the Tracee server over a network. It is useful when TraceeCtl and Tracee are running on different machines or when you need to connect to a remote Tracee instance. | ||
|
|
||
| Example: | ||
|
|
||
| ```sh | ||
| traceectl --server tcp:4466 | ||
| ``` | ||
|
|
||
| In this example, `tcp:4466` is the address and port of the Tracee server. This is a typical setup for remote monitoring or when the server and client need to be distributed across different hosts. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters