Skip to main content

Global Options

These options apply to all commands: 
oisp-sensor [OPTIONS] <COMMAND>

Options:
  -v, --verbose     Increase verbosity (can be repeated: -vv)
  -f, --format      Output format: text, json [default: text]
  -c, --config      Path to configuration file
  -h, --help        Print help
  -V, --version     Print version

Commands

record

Start capturing AI activity. 
oisp-sensor record [OPTIONS]
Options:
OptionDescription
-o, --output <PATH>Output file for JSONL events
--webStart web UI [default: true]
--port <PORT>Web UI port [default: 7777]
--tuiStart terminal UI
-p, --process <NAMES>Filter by process names (comma-separated)
--pid <PIDS>Filter by PIDs (comma-separated)
--redaction <MODE>Redaction mode: safe, full, minimal [default: safe]
--no-sslDisable SSL/TLS capture
--no-processDisable process capture
--no-fileDisable file capture
--no-networkDisable network capture
--ebpf-path <PATH>Path to eBPF bytecode (Linux)
--libssl-path <PATH>Path to libssl.so (Linux)
Examples: 
# Basic recording
sudo oisp-sensor record

# Record to file
sudo oisp-sensor record --output events.jsonl

# Filter by process
sudo oisp-sensor record --process python,node

# Different port
sudo oisp-sensor record --port 8080

# Full capture (no redaction)
sudo oisp-sensor record --redaction full

# Minimal capture
sudo oisp-sensor record --no-file --no-network

show

Display captured events. 
oisp-sensor show [OPTIONS] <INPUT>
Options:
OptionDescription
--type <TYPE>Filter by event type
--process <NAME>Filter by process name
--since <TIME>Events after timestamp
--until <TIME>Events before timestamp
--limit <N>Maximum events to show
--followFollow file for new events (like tail -f)
--statsShow statistics instead of events
Examples: 
# Show all events
oisp-sensor show events.jsonl

# Filter by type
oisp-sensor show events.jsonl --type ai.request

# Last 10 events
oisp-sensor show events.jsonl --limit 10

# Statistics
oisp-sensor show events.jsonl --stats

# Follow file
oisp-sensor show events.jsonl --follow

analyze

Analyze captured events for patterns and insights. 
oisp-sensor analyze [OPTIONS] <INPUT>
Options:
OptionDescription
--format <FORMAT>Output format: text, json, csv
--report <TYPE>Report type: summary, costs, providers, models
Examples: 
# Summary analysis
oisp-sensor analyze events.jsonl

# Cost breakdown
oisp-sensor analyze events.jsonl --report costs

# Provider usage
oisp-sensor analyze events.jsonl --report providers

# JSON output
oisp-sensor analyze events.jsonl --format json

status

Check system capabilities and sensor status. 
oisp-sensor status
Output example (Linux): 
OISP Sensor Status
==================

Platform: Linux x86_64
Kernel: 6.1.0-generic

Capabilities:
  Root/CAP_BPF:     Yes
  eBPF Support:     Yes
  BTF Available:    Yes
  libssl Found:     /lib/x86_64-linux-gnu/libssl.so.3

Ready to capture!
Output example (macOS): 
OISP Sensor Status
==================

Platform: macOS arm64

Capabilities:
  System Extension:  Not installed
  Full Disk Access:  Unknown

Note: Full capture requires system extension (coming soon)
Demo mode available: oisp-sensor demo

demo

Run with synthetic events (no capture required). 
oisp-sensor demo [OPTIONS]
Options:
OptionDescription
--port <PORT>Web UI port [default: 7777]
--rate <N>Events per second [default: 1]
Examples: 
# Start demo
oisp-sensor demo

# Higher event rate
oisp-sensor demo --rate 5

test

Run internal tests and diagnostics. 
oisp-sensor test [OPTIONS]
Options:
OptionDescription
--captureTest capture capabilities
--exportTest export destinations
--allRun all tests

Exit Codes

CodeMeaning
0Success
1General error
2Invalid arguments
3Permission denied
4Capture not supported

Environment Variables

VariableDescription
OISP_CONFIGPath to config file
OISP_WEB_PORTWeb UI port
RUST_LOGLog level (error, warn, info, debug, trace)
NO_COLORDisable colored output

Signals

SignalAction
SIGINT (Ctrl+C)Graceful shutdown
SIGTERMGraceful shutdown
SIGHUPReload configuration (planned)

Logging

Control log verbosity: 
# Default (info)
oisp-sensor record

# Debug
RUST_LOG=debug oisp-sensor record

# Trace (very verbose)
RUST_LOG=trace oisp-sensor record

# Per-module
RUST_LOG=oisp_capture_ebpf=debug,oisp_decode=trace oisp-sensor record