diff --git a/cmd/traceectl/cmd/stream.go b/cmd/traceectl/cmd/stream.go index 1ab19f04a17a..83c96ed47f4c 100644 --- a/cmd/traceectl/cmd/stream.go +++ b/cmd/traceectl/cmd/stream.go @@ -13,7 +13,7 @@ import ( ) var streamCmd = &cobra.Command{ - Use: "stream [policies...]", + Use: "stream", Short: "Stream events from tracee", Long: `Stream Management: Stream events directly from tracee to the preferred output format. @@ -47,5 +47,8 @@ func init() { if err := viper.BindPFlag(flags.OutputFlag, streamCmd.Flags().Lookup(flags.OutputFlag)); err != nil { panic(err) } - // streamCmd.Flags().String("policy") + streamCmd.Flags().StringSlice(flags.PolicyFlag, []string{""}, "Specify the policies for streamed events.") + if err := viper.BindPFlag(flags.PolicyFlag, streamCmd.Flags().Lookup(flags.PolicyFlag)); err != nil { + panic(err) + } } diff --git a/cmd/traceectl/pkg/cmd/cobra/stream.go b/cmd/traceectl/pkg/cmd/cobra/stream.go index dfda5b92d55c..aedb122f6aec 100644 --- a/cmd/traceectl/pkg/cmd/cobra/stream.go +++ b/cmd/traceectl/pkg/cmd/cobra/stream.go @@ -32,6 +32,11 @@ func GetStream(cmdCobra *cobra.Command) (cmd.Stream, error) { return stream, err } + policies, err := flags.PreparePolicy(viper.GetStringSlice(flags.PolicyFlag)) + if err != nil { + return stream, err + } + // // Create stream runner // @@ -42,6 +47,7 @@ func GetStream(cmdCobra *cobra.Command) (cmd.Stream, error) { } stream.Printer = p stream.Server = server + stream.Policies = policies stream.Config.Printer = config.PrinterConfig{ Kind: format, OutPath: output.Path, diff --git a/cmd/traceectl/pkg/cmd/flags/policy.go b/cmd/traceectl/pkg/cmd/flags/policy.go new file mode 100644 index 000000000000..1d6bf3237cbc --- /dev/null +++ b/cmd/traceectl/pkg/cmd/flags/policy.go 
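Review bot: The `flags.PolicyFlag` registration added to `init()` in cmd/traceectl/cmd/stream.go uses a default of `[]string{""}`, a one-element slice, so the `len(policySlice) > 0` check in the new `flags.PreparePolicy` always passes when the flag is omitted and its "policy cannot be empty" branch is not reached on the default path. pflag's `StringSlice` also takes its values comma-separated or through repeated flags, so the documented form `--policy policy1 policy2` would leave `policy2` as a positional argument; whether cobra rejects it depends on an `Args` setting that is not visible here. I would have the usage text say so, `"Policies to stream events from (comma-separated or repeated)."`, and change the docs examples to `--policy policy1,policy2`. `init()` starts outside the hunk.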
@@ -0,0 +1,12 @@ +package flags + +import "fmt" + +const PolicyFlag = "policy" + +func PreparePolicy(policySlice []string) ([]string, error) { + if len(policySlice) > 0 { + return policySlice, nil + } + return nil, fmt.Errorf("policy cannot be empty") +} diff --git a/cmd/traceectl/pkg/cmd/stream.go b/cmd/traceectl/pkg/cmd/stream.go index 0b173057d569..de59137cba77 100644 --- a/cmd/traceectl/pkg/cmd/stream.go +++ b/cmd/traceectl/pkg/cmd/stream.go @@ -14,9 +14,10 @@ import ( ) type Stream struct { - Config config.Config - Server *client.Server - Printer printer.EventPrinter + Config config.Config + Server *client.Server + Printer printer.EventPrinter + Policies []string } func (s Stream) Run() error { @@ -35,7 +36,7 @@ func (s Stream) Run() error { errChan := make(chan error) go func() { - stream, err := s.Server.StreamEvents(ctx, &pb.StreamEventsRequest{Policies: []string{""}}) + stream, err := s.Server.StreamEvents(ctx, &pb.StreamEventsRequest{Policies: s.Policies}) if err != nil { errChan <- fmt.Errorf("error calling Stream: %s", err) return diff --git a/docs/traceectl/commands/stream.md b/docs/traceectl/commands/stream.md index 88a7e08bf606..a7b74bd44921 100644 --- a/docs/traceectl/commands/stream.md +++ b/docs/traceectl/commands/stream.md @@ -10,12 +10,25 @@ The `stream` command is structured as follows: traceectl stream [flags] ``` +- **`--policy`**: Specifies the policies to stream from (default is `""`). - **`--format`**: Specifies the format (default is `table`). - **`--server`**: Specifies the server unix socket path (default is `/var/run/tracee.sock`) - **`--output`**: Specifies the output (default is `stdout`) ## Examples +- **Stream Events in JSON Format with a Specific Policy and different unix socket** + + ```sh + traceectl stream --format json --server /tmp/tracee.sock --policy policy1 policy2 + ``` + +- **Stream Events to file** + + ```sh + traceectl stream --output /path/to/file + ``` + - **Stream Events in JSON Format** ```sh 
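Review bot: `PreparePolicy` in the new policy.go accepts any non-empty slice, so blank entries, such as the trailing one that `--policy policy1,` would likely produce, are forwarded to the server unchanged. The docs in this commit describe `""` as the policy that streams all events captured by tracee, so a blank entry next to a named policy may widen the stream beyond what the operator asked for; the server side is not visible here, so that is an inference. I would keep the single-empty-name default as is, reject blank names otherwise, and give the exported `PreparePolicy` and `PolicyFlag` doc comments. The rewrite below needs `strings` added to the file's imports.

```go
// PreparePolicy validates the policy names given with --policy.
// A single empty name is the flag default and is passed through unchanged.
func PreparePolicy(policySlice []string) ([]string, error) {
	if len(policySlice) == 0 {
		return nil, fmt.Errorf("policy cannot be empty")
	}
	if len(policySlice) == 1 && policySlice[0] == "" {
		return policySlice, nil
	}
	for _, name := range policySlice {
		if strings.TrimSpace(name) == "" {
			return nil, fmt.Errorf("policy name cannot be blank")
		}
	}
	return policySlice, nil
}
```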
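Review bot: `Run` in cmd/traceectl/pkg/cmd/stream.go now sends `s.Policies` as-is, so a `Stream` built without `GetStream` carries a nil slice, where the removed line always sent `[]string{""}`. Whether the server treats a request with no policies the same as one with a single empty name is not visible in this diff. A fallback before the goroutine keeps the old behaviour for such callers, `if len(s.Policies) == 0 { s.Policies = []string{""} }`, which only touches the local copy because `Run` has a value receiver. The new `Policies` field in the struct hunk above could also carry a comment such as `// Policies names the policies to stream from; a single "" is the default.` `Run`'s body starts and ends outside the hunk.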
diff --git a/docs/traceectl/flags/policy.md b/docs/traceectl/flags/policy.md
new file mode 100644
index 000000000000..e693d7182782
--- /dev/null
+++ b/docs/traceectl/flags/policy.md
@@ -0,0 +1,23 @@
+# `policy` Flag
+
+The `--policy` flag is used to specify the polices to include for the command's stream events. If this flag is set it must have a valid policy name loaded into tracee.
+
+- **""**: This is the default policy, which means that the command's streamed events will display on the terminal all events capture by tracee. This is convenient for users who want to see immediate results directly in their console.
+
+ Example:
+
+ ```sh
+ traceectl stream --policy policy1
+ ```
+
+ In this example, the command outputs the streamed events from a specific policy to the terminal.
+
+- **Multi Policy**: You can use the `--policy` flag to specify multiple policies to include for the command's stream events. This is useful if you want to make batter analysis for different needs
+
+ Example:
+
+ ```sh
+ traceectl stream --policy policy1 policy2
+ ```
+
+In this example, the command outputs the streamed events from a specific policies to the terminal. This is especially helpful for logging purposes or when working with large amounts of data that need to be sorted for further processing.