To execute CLI commands, the basic syntax is:
./scope <command> [flags] [options]
To see a list of available commands, enter ./scope
alone, or ./scope -h
, or ./scope --help
. This displays the basic help listing below.
Command line interface for working with Cribl AppScope
Usage:
scope [command]
Available Commands:
dash Display scope dashboard
events Output events for a session
extract Output instrumenting library files to <dir>
help Help about any command
history List scope session history
metrics Output metrics for a session
prune Delete scope history
run Execute a scoped command
version Display scope version
Flags:
-h, --help Help for scope
-v, --verbose count Set verbosity level
Use "scope [command] --help" for more information about a command.
As noted just above, to see a specific command's help or its required parameters, enter:
./scope <command> -h
…or:
./scope help <command> [flags]
.
Displays an interactive dashboard with an overview of what's happening with the selected session.
scope dash [flags]
scope dash
-h, --help help for dash
-i, --id int Display info from specific from session ID (default -1)
Outputs events for a session. You can obtain detailed information about each event by inputting the Event ID as a positional parameter. (By default, the Event ID appears in blue, in []
's at the left.) You can provide filters to narrow down by name (e.g., http
, net
, fs
, or console
), or by field (e.g., fs.open
, stdout
, or net.conn.open
). You can use JavaScript expressions to further refine the query, and to express logic.
scope events [flags] ([eventId])
scope events
scope events -t http
scope events -s stderr
scope events -e 'sourcetype!="net"'
scope events -n 1000 -e 'sourcetype!="console" && source.indexOf("cribl.log") == -1 && (data["file.name"] || "").indexOf("/proc") == -1'
-a, --all Show all events
--allfields Displaying hidden fields
--color Force color on (if tty detection fails or pipeing)
-e, --eval string Evaluate JavaScript expression against event. Must return truthy to print event.
-f, --follow Follow a file, like tail -f
-h, --help help for events
-i, --id int Display info from specific from session ID (default -1)
-j, --json Output as newline delimited JSON
-n, --last int Show last <n> events (default 20)
-m, --match string Display events containing supplied string
-s, --source strings Display events matching supplied sources
-t, --sourcetype strings Display events matching supplied sourcetypes
Outputs ldscope
, libscope.so
, scope.yml
, and scope_protocol.yml
to the provided directory. You can configure these files to instrument any application, and to output the data to any existing tool via simple TCP protocols. The libscope
component can easily be used with any dynamic or static application, regardless of the runtime.
scope extract (<dir>) [flags]
extract
, excrete
, expunge
, extricate
, exorcise
scope extract
scope extract /opt/libscope
-h, --help help for extract
Lists scope session history.
scope history [flags]
history, hist
scope history
-a, --all List all sessions
-d, --dir Output just directory (with -i)
-h, --help help for history
-i, --id int Display info from specific from session ID (default -1)
-n, --last int Show last <n> sessions (default 20)
-r, --running List running sessions
Outputs metrics for a session.
scope metrics [flags]
scope metrics
-c, --cols Display metrics as columns
-g, --graph Graph this metric
-h, --help help for metrics
-i, --id int Display info from specific from session ID (default -1)
-m, --metric strings Display only supplied metrics
-u, --uniq Display first instance of each unique metric
Deletes scope history for this session.
scope prune [flags]
scope prune -k 20
scope prune -a
-a, --all Delete all sessions
-d, --delete int Delete last <delete> sessions (default -1)
-f, --force Do not prompt for confirmation
-h, --help help for prune
-k, --keep int Keep last <keep> sessions (default -1)
Executes a scoped command (or application.
scope run [flags]
scope run /bin/echo "foo"
-h, --help help for run
--passthrough Runs scopec with current environment & no config.
-p, --payloads Capture payloads of network transactions
-v, --verbosity int Set scope metric verbosity (default 4)
Outputs version info.
scope version [flags]
scope version
scope version --date
scope version --summary
--date output just the date
-h, --help help for version
--summary output just the summary
This flag sets the verbosity level. 0
is least verbose, 4
is the default, and 9
is most verbose. For descriptions of individual levels, see Config Files.
scope --verbose <level>
scope -v <level>
scope --verbose <level>
scope -v <level>