Installation / running directly on host #1313
-
|
Unfortunately I haven't found something in the docs if it is supported or possible to run tracee directly on the host. Could you please provide information if this is possible? |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment
-
|
Yes, this is definitely possible. You can either run tracee-ebpf as a standalone executable to collect events data, or if you want to run it combined with tracee-rules: You can add/change specific arguments to either tracee-ebpf or tracee-rules as required |
Beta Was this translation helpful? Give feedback.
Yes, this is definitely possible.
You can download prebuilt tracee executables (for x86-64) from https://github.com/aquasecurity/tracee/releases in the assets section, and just run them on your host.
The requirements are the same as described here: https://aquasecurity.github.io/tracee/v0.6.5/install/prerequisites/
You can either run tracee-ebpf as a standalone executable to collect events data, or if you want to run it combined with tracee-rules:
EVENTS=$(./tracee-rules --list-events)./tracee-ebpf --output=format:gob --output=option:parse-arguments --trace event=$EVENTS | ./tracee-rules --input-tracee=file:stdin --input-tracee=format:gobYou can add/change specific arguments to either t…