docs: modifying output section based on comments in PR

Signed-off-by: AnaisUrlichs <[email protected]>
aquasecurity · Nov 2, 2023 · ea3bd60 · ea3bd60
1 parent 4d74218
commit ea3bd60
Show file tree

Hide file tree

Showing 3 changed files with 25 additions and 14 deletions.
diff --git a/docs/docs/outputs/logging.md b/docs/docs/outputs/logging.md
@@ -27,7 +27,8 @@ log:
 log:
     level: debug
     aggregate:
-        flush-interval: "5s"
+        enabled: true
+        flush-interval: "10s"
         
 ```
 

diff --git a/docs/docs/outputs/output-formats.md b/docs/docs/outputs/output-formats.md
@@ -2,17 +2,6 @@
 
 It is possible to define how the events that Tracee collects should be displayed. This is done through the Tracee configuration. You can read more on configuration in the [Tracee installation guide.](../install/index.md)
 
-The following output formats are supported:
-
-- `table[:/path/to/file]` - output events in table format (default). The default path to file is stdout.
-- `table-verbose[:/path/to/file]` - output events in table format with extra fields per event. The default path to file is stdout.
-- `json[:/path/to/file]` - output events in json format. The default path to file is stdout.
-- `gob[:/path/to/file]` - output events in gob format. The default path to file is stdout.
-- `gotemplate=/path/to/template[:/path/to/file]` - output events formatted using a given gotemplate file. The default path to file is stdout.
-- `forward:http://url/fluent` - send events in json format using the Forward protocol to a Fluent receiver
-- `webhook:http://url/webhook` - send events in json format to the webhook url
-- `none` - ignore stream of events output, usually used with --capture
-
 Note that only one output format can be used in the Tracee configuration.
 
 ## Examples
@@ -21,6 +10,8 @@ The following examples will have to be added into a Tracee configuration file.
 
 ### Table
 
+Displays output events in table format, which is the default. The default path to a file is stdout.
+
 In the CLI:
 
 ```yaml
@@ -33,6 +24,8 @@ output:
 
 ### Table (Verbose)
 
+Displays the output events in table format with extra fields per event. The default path to a file is stdout.
+
 In the CLI:
 
 ```yaml
@@ -44,6 +37,8 @@ output:
 
 ### JSON
 
+Displays output events in json format. The default path to a file is stdout.
+
 ```yaml
 output:
     json:
@@ -82,6 +77,8 @@ output:
 
 ### Webhook
 
+This sends events in json format to the webhook url
+
 Below is an example for configuring webhooks in the Tracee output section:
 
 ```
@@ -107,6 +104,8 @@ Note: Please ensure that the respective fields will have to be uncommented.
 
 ### Forward
 
+This sends events in json format using the Forward protocol to a Fluent receiver.
+
 Below is an example for forwarding Tracee logs: 
 
 ```
@@ -129,3 +128,14 @@ output:
 ```
 
 Note: Please ensure that the respective fields will have to be uncommented.
+
+### GOB
+
+This outputs events in gob format. The default path to file is stdout.
+
+```
+output:
+    gob:
+        files:
+            - /path/to/gob1.out
+```
diff --git a/docs/docs/outputs/output-options.md b/docs/docs/outputs/output-options.md
@@ -52,7 +52,7 @@ Available options:
     ```
 5. **option:relative-time**
 
-    The `relative-time` output option filters all the events since the boot time of the system.
+    The `relative-time` output option enables relative timestamp instead of wall timestamp for events.
 
     ```
     output:
@@ -67,5 +67,5 @@ Available options:
     ```
     output:
         options:
-                sort-events: false
+                sort-events: true
     ```