-
Notifications
You must be signed in to change notification settings - Fork 393
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
6 changed files
with
280 additions
and
30 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,7 +1,37 @@ | ||
# Output Options | ||
|
||
Tracee-eBPF supports different output formats. For example, to choose json output, use `--output json`. | ||
Control how and where output is printed. | ||
|
||
To tell it to write events to a file instead of stdout, use `--output out-file:/path/to/file`. | ||
## CLI Options | ||
|
||
For a full list of output options, run `--output help`. | ||
CLI Option | Description | ||
--- | --- | ||
`[format:]{table,table-verbose,json,gob,gotemplate=/path/to/template}` | output events in the specified format. for gotemplate, specify the mandatory template file | ||
`out-file:/path/to/file` | write the output to a specified file. the path to the file will be created if not existing and the file will be deleted if existing (deafult: stdout) | ||
`err-file:/path/to/file` | write the errors to a specified file. the path to the file will be created if not existing and the file will be deleted if existing (deafult: stderr) | ||
`option:{stack-addresses,detect-syscall,exec-env}` | augment output according to given options (default: none) | ||
stack-addresses | include stack memory addresses for each event | ||
detect-syscall | when tracing kernel functions which are not syscalls, detect and show the original syscall that called that function | ||
exec-env | when tracing execve/execveat, show the environment variables that were used for execution | ||
|
||
(Use this flag multiple times to choose multiple capture options) | ||
|
||
## Examples | ||
|
||
output as json | ||
|
||
``` | ||
--output json | ||
``` | ||
|
||
output as the provided go template | ||
|
||
``` | ||
--output gotemplate=/path/to/my.tmpl | ||
``` | ||
|
||
output to `/my/out` and errors to `/my/err` | ||
|
||
``` | ||
--output out-file:/my/out err-file:/my/err | ||
``` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters