Start tracee without -v for stdout output

aquasecurity · Nov 8, 2019 · c691511 · c691511
1 parent a069238
commit c691511
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 6 deletions.
diff --git a/README.md b/README.md
@@ -13,7 +13,8 @@ Currently requires
 
 ## Quick Start Instructions
 
-As root: `./start.py -v`
+As root: `./start.py`
+or `./start.py -j` to get the output in json format
 
 Following is an output example of Tracee after running
 `docker run -it --rm alpine sh`

diff --git a/start.py b/start.py
@@ -23,8 +23,8 @@ def parse_args(input_args):
                         help="maximum number of arguments parsed and displayed, defaults to 20")
     parser.add_argument("--ebpf", action="store_true",
                         help=argparse.SUPPRESS)
-    parser.add_argument("-v", "--verbose", action="store_true",
-                        help="print events to stdout")
+    parser.add_argument("-j", "--json", action="store_true",
+                        help="save events in json format")
     # args = parser.parse_args()
     return parser.parse_args(input_args)
 

diff --git a/tracee/container_tracer.py b/tracee/container_tracer.py
@@ -690,7 +690,7 @@ def __init__(self, args):
         self.events = list()
         self.do_trace = True
         self.bpf = None
-        self.verbose = args.verbose
+        self.json = args.json
         self.ebpf = args.ebpf
 
     def init_bpf(self):
@@ -712,7 +712,7 @@ def init_bpf(self):
         self.bpf.attach_kprobe(event="do_exit", fn_name="trace_do_exit")
         self.bpf.attach_kprobe(event="cap_capable", fn_name="trace_cap_capable")
 
-        if self.verbose:
+        if not self.json:
             log.info("%-14s %-12s %-12s %-6s %-16s %-16s %-6s %-6s %-6s %-16s %s" % (
                 "TIME(s)", "MNT_NS", "PID_NS", "UID", "EVENT", "COMM", "PID", "TID", "PPID", "RET", "ARGS"))
 
@@ -1026,7 +1026,7 @@ def print_event(self, cpu, data, size):
         except:
             return
 
-        if self.verbose:
+        if not self.json:
             log.info("%-14f %-12d %-12d %-6d %-16s %-16s %-6d %-6d %-6d %-16d %s" % (
                 context.ts / 1000000.0, context.mnt_id, context.pid_id, context.uid,
                 eventname, comm, pid, tid, ppid, context.retval, " ".join(args)))