diff --git a/docs/docs/traceectl/flags/format.md b/docs/docs/traceectl/flags/format.md new file mode 100644 index 000000000000..c8ff35b13b7e --- /dev/null +++ b/docs/docs/traceectl/flags/format.md @@ -0,0 +1,29 @@ +# `format` Flag + +The `--format` flag in **TraceeCtl** is used to specify the output format for certain commands. Currently, this flag supports the following values for the `stream`, `event list`, and `event describe` commands: + +- **`json`**: Outputs the data in JSON format, which is useful for automated processing or integration with other tools that consume JSON. + + Example: + + ```sh + traceectl event list --format json + ``` + + In this example, the command lists all available events and outputs them in JSON format. + +- **`table`**: Outputs the data in a tabular format, which is easier to read for users viewing the output directly in the terminal. + + Example: + + ```sh + traceectl stream --format table + ``` + + In this example, the command streams events from Tracee and displays them in a table format, making it more human-readable. + +The `--format` flag is helpful for customizing the output to meet different requirements, whether for readability or integration with other tools. + +## Default Format + +The default format for the `--format` flag is **table**. If no format is specified, the output will be displayed in a tabular format, which is more human-readable for most users. diff --git a/docs/docs/traceectl/flags/output.md b/docs/docs/traceectl/flags/output.md new file mode 100644 index 000000000000..59125ffab997 --- /dev/null +++ b/docs/docs/traceectl/flags/output.md @@ -0,0 +1,23 @@ +# `output` Flag + +The `--output` flag is used to specify the destination for the command's output. This flag can be set to **stdout** or a file location. + +- **stdout**: This is the default output destination, which means that the command's output will be displayed on the terminal. This is convenient for users who want to see immediate results directly in their console. + + Example: + + ```sh + traceectl stream --output stdout + ``` + + In this example, the command outputs the streamed events to the terminal. + +- **File Output**: You can use the `--output` flag to direct the output to a specific file. This is useful if you want to save the output for later analysis or for documentation purposes. + + Example: + + ```sh + traceectl stream --output file:/path/to/output.txt + ``` + + In this example, the command saves the streamed events to the file located at `/path/to/output.txt`. This is especially helpful for logging purposes or when working with large amounts of data that need to be stored for further processing. diff --git a/docs/docs/traceectl/flags/server.md b/docs/docs/traceectl/flags/server.md new file mode 100644 index 000000000000..416dfd36a997 --- /dev/null +++ b/docs/docs/traceectl/flags/server.md @@ -0,0 +1,23 @@ +# `server` Flag + +The `--server` flag in **TraceeCtl** is used to specify the connection type that TraceeCtl should use to communicate with the Tracee server. This connection type can be either **Unix socket** or **TCP**. + +- **Unix Socket**: This type of connection is generally used for local inter-process communication. It provides a secure and efficient means to connect to Tracee when both client and server are on the same machine. + + Example: + + ```sh + traceectl --server unix:/unix/socket/path.sock + ``` + + In this example, `unix:/unix/socket/path.sock` is the Unix socket path where the Tracee server is listening. Using Unix sockets is beneficial for security and performance since it avoids the overhead associated with network communication. + +- **TCP**: This type of connection allows TraceeCtl to communicate with the Tracee server over a network. It is useful when TraceeCtl and Tracee are running on different machines or when you need to connect to a remote Tracee instance. + + Example: + + ```sh + traceectl --server tcp:4466 + ``` + + In this example, `tcp:4466` is the address and port of the Tracee server. This is a typical setup for remote monitoring or when the server and client need to be distributed across different hosts. diff --git a/docs/docs/traceectl/usage.md b/docs/docs/traceectl/usage.md index 04aab7d0f9fa..03b78e1b1f12 100644 --- a/docs/docs/traceectl/usage.md +++ b/docs/docs/traceectl/usage.md @@ -48,7 +48,7 @@ Once TraceeCtl is installed and Tracee is running, you can use various commands - Check Version: traceectl version -For more inf about the TraceeCtl command please refer to the appoint command documentation +For more info about the TraceeCtl command please refer to the appoint command documentation ## Flags @@ -64,6 +64,8 @@ For more inf about the TraceeCtl command please refer to the appoint command doc traceectl stream --output file:/path/to/output.txt ``` +For more info about the TraceeCtl flags please refer to the appoint flag documentation + ## Summary - **Install TraceeCtl** by cloning the repository, building, and installing it with `make`.