Add traceectl to tracee

[ShohamBit]

1. What does this PR do?

• Adds traceectl as a new CLI tool for interacting with Tracee.
• Implements basic commands to interact with Tracee through gRPC.

2. How to test it

1. Compile and run Tracee with the gRPC service configuration:

   make tracee

   Then start Tracee with the following command:

   tracee --grpc-listen-addr unix:/tmp/tracee.sock

2. Run traceectl:

   go run ./cmd/traceectl/main.go

   This will display the help command. Other supported commands include:

   • version
   • metrics
   • stream
   • event

This version is more organized, with clearer instructions on testing and usage.

[NDStrahilevitz]

There's a bunch of commented code inside, is this meant to be WIP or draft?

[ShohamBit]

There's a bunch of commented code inside, is this meant to be WIP or draft?

You are right to note that out, traceectl is an in work in process stat. The commends you refer to are part of the easy to pick up method I use when I code.

[rscampos]

Hey @ShohamBit , congrats for the new tool :)

I did a quick review and have some suggestions. If anything doesn’t align, please let me know!

Frontend:

• nit: some commands descriptions start with uppercase letters while and others with lowercase... maybe its good to standardize this:

  metrics     Display Tracee metrics
  plugin      plugin management for traceectl

• when we do help for some commands (stream, policy, plugin), would be good to start with a description. Just after the description add some example of usages. Some commands starts with example of usage without description.

Functionality:
I'll start with these four commands:

• version
• metrics
• stream
• event

version
version worked well

metrics
metrics worked well

• output format
  Tried to output a format but got this error. Is it already implemented?

sudo go run main.go metrics --output json
Error: unknown flag: --output

stream

• issue during stream create
  Wasn't able to create a stream. Am I doing something wrong? Maybe here would be good to able add example of a full command since there are some flags.

sudo go run main.go stream create --name test
Error: unknown flag: --name

Note: I'll revisit this subcommand to test other options after successfully creating a stream.

event

• describe
  Maybe removing "definitions:" and add double quote on the keys

definitions:{id:732  name:"security_file_open"  version:{major:1}  tags:"lsm_hooks"  tags:"fs"  tags:"fs_file_ops"}

• disable/enable
  Worked. Have a doubt: Am I able to disable/enable only the subset of the events used when start Tracee, right?
  Maybe would be good to have a option to list all possibles events and the status of each one... if they are disabled or enabled.

• Run
  Think this option is not suppose to work now, right?

[ShohamBit]

Hey @rscampos, thank you for your review! I appreciate the feedback and will work on implementing some of the suggested changes.

I wanted to clarify a few points regarding the traceectl commands:

• tracee currently doesn't fully support all traceectl commands. For instance:
  • The metrics command doesn't have an output flag; it only supports the current output behavior.
  • The stream command doesn't support any subcommands; it only streams events directly from tracee.
  • The event command doesn't support the run option, as tracee doesn't support it either. Additionally, enable and disable don't have any effect on the tracee side.

I'll make sure to address these points and provide a clearer documentation. Thanks again for your valuable input!