docs: update outdated docs (#2802)

* docs: update output docs
* fix gotemplate
* remove webhook outdated doc
* remove postee outdated doc

docs/docs/outputs/output-formats.md

@@ -1,27 +1,34 @@
 # Tracing Output Formats
 
-In order to check latest output options you may execute:
+The `--output` flag controls where and how Tracee will output events, by specifying `--output <format>:<destination>`.  You can use the `--output` flag multiple times to output events in multiple ways. To see all output options you can run `tracee --output help`.
 
-```text
-$ sudo ./dist/tracee --output help
-```
+The following output formats are supported:
 
-Tracee supports different output formats for detected events:
+- `table[:/path/to/file]` - output events in table format (default). The default path to file is stdout.
+- `table-verbose[:/path/to/file]` - output events in table format with extra fields per event. The default path to file is stdout.
+- `json[:/path/to/file]` - output events in json format. The default path to file is stdout.
+- `gob[:/path/to/file]` - output events in gob format. The default path to file is stdout.
+- `gotemplate=/path/to/template[:/path/to/file]` - output events formatted using a given gotemplate file. The default path to file is stdout.
+- `forward:http://url/fluent` - send events in json format using the Forward protocol to a Fluent receiver
+- `webhook:http://url/webhook` - send events in json format to the webhook url
+- `none` - ignore stream of events output, usually used with --capture
 
-1. **Table**
+## Examples
 
-    ```text
-    $ sudo ./dist/tracee --output table --filter comm=bash --filter follow --filter event=openat
-    TIME             UID    COMM             PID     TID     RET              EVENT                ARGS
-    11:21:51:254199  1000   exa              1639459 1639459 3                openat               dirfd: -100, pathname: /etc/ld.so.cache, flags: O_RDONLY|O_CLOEXEC, mode: 0
-    11:21:51:254285  1000   exa              1639459 1639459 3                openat               dirfd: -100, pathname: /lib/x86_64-linux-gnu/libgcc_s.so.1, flags: O_RDONLY|O_CLOEXEC, mode: 0
-    11:21:51:254418  1000   exa              1639459 1639459 3                openat               dirfd: -100, pathname: /lib/x86_64-linux-gnu/libm.so.6, flags: O_RDONLY|O_CLOEXEC, mode: 0
-    
-    End of events stream
-    Stats: {EventCount:3 EventsFiltered:0 NetCapCount:0 BPFLogsCount:0 ErrorCount:0 LostEvCount:0 LostWrCount:0 LostNtCapCount:0 LostBPFLogsCount:0}
-    ```
+### Table
+
+```text
+$ sudo ./dist/tracee --output table --filter comm=bash --filter follow --filter event=openat
+TIME             UID    COMM             PID     TID     RET              EVENT                ARGS
+11:21:51:254199  1000   exa              1639459 1639459 3                openat               dirfd: -100, pathname: /etc/ld.so.cache, flags: O_RDONLY|O_CLOEXEC, mode: 0
+11:21:51:254285  1000   exa              1639459 1639459 3                openat               dirfd: -100, pathname: /lib/x86_64-linux-gnu/libgcc_s.so.1, flags: O_RDONLY|O_CLOEXEC, mode: 0
+11:21:51:254418  1000   exa              1639459 1639459 3                openat               dirfd: -100, pathname: /lib/x86_64-linux-gnu/libm.so.6, flags: O_RDONLY|O_CLOEXEC, mode: 0
+
+End of events stream
+Stats: {EventCount:3 EventsFiltered:0 NetCapCount:0 BPFLogsCount:0 ErrorCount:0 LostEvCount:0 LostWrCount:0 LostNtCapCount:0 LostBPFLogsCount:0}
+```
 
-2. **Table (Verbose)**
+### Table (Verbose)
 
     ```text
     $ sudo ./dist/tracee --output table-verbose --filter comm=bash --filter follow --filter event=openat
@@ -34,61 +41,44 @@ Tracee supports different output formats for detected events:
     Stats: {EventCount:3 EventsFiltered:0 NetCapCount:0 BPFLogsCount:0 ErrorCount:0 LostEvCount:0 LostWrCount:0 LostNtCapCount:0 LostBPFLogsCount:0}
     ```
 
-3. **JSON**
-
-    ```text
-    $ sudo ./dist/tracee --output json --filter comm=bash --filter follow --filter event=openat
-    ```
-
-    ```json
-    {"timestamp":1657290245020855990,"threadStartTime":615325807626168,"processorId":22,"processId":1664936,"cgroupId":1,"threadId":1664936,"parentProcessId":3795408,"hostProcessId":1664936,"hostThreadId":1664936,"hostParentProcessId":3795408,"userId":1000,"mountNamespace":4026531840,"pidNamespace":4026531836,"processName":"exa","hostName":"fujitsu","containerId":"","containerImage":"","containerName":"","podName":"","podNamespace":"","podUID":"","eventId":"257","eventName":"openat","argsNum":4,"returnValue":3,"stackAddresses":null,"syscall":"openat","contextFlags":{"containerStarted":false,"isCompat":false},"args":[{"name":"dirfd","type":"int","value":-100},{"name":"pathname","type":"const char*","value":"/etc/ld.so.cache"},{"name":"flags","type":"int","value":524288},{"name":"mode","type":"mode_t","value":0}]}
-    {"timestamp":1657290245020940791,"threadStartTime":615325807626168,"processorId":22,"processId":1664936,"cgroupId":1,"threadId":1664936,"parentProcessId":3795408,"hostProcessId":1664936,"hostThreadId":1664936,"hostParentProcessId":3795408,"userId":1000,"mountNamespace":4026531840,"pidNamespace":4026531836,"processName":"exa","hostName":"fujitsu","containerId":"","containerImage":"","containerName":"","podName":"","podNamespace":"","podUID":"","eventId":"257","eventName":"openat","argsNum":4,"returnValue":3,"stackAddresses":null,"syscall":"openat","contextFlags":{"containerStarted":false,"isCompat":false},"args":[{"name":"dirfd","type":"int","value":-100},{"name":"pathname","type":"const char*","value":"/lib/x86_64-linux-gnu/libgcc_s.so.1"},{"name":"flags","type":"int","value":524288},{"name":"mode","type":"mode_t","value":0}]}
-    ```
-
-    !!! Tip
-        A good tip is to pipe **tracee** json output to [jq]() tool, this way
-        you can select fields, rename them, filter values, and many other things:
-        > ```text
-        > sudo ./dist/tracee -o json -o option:parse-arguments
-        > -trace comm=ping | jq -c '. | {eventId, hostName, processName,
-        > hostProcessId,UserId}'
-        > ```
-
-4. **GOB**
+### JSON
 
-    ```text
-    $ sudo ./dist/tracee --output json --filter comm=bash --filter follow --filter event=openat
-    ```
+```text
+$ sudo ./dist/tracee --output json --filter comm=bash --filter follow --filter event=openat
+```
 
-5. **GOTEMPLATE**
+```json
+{"timestamp":1657290245020855990,"threadStartTime":615325807626168,"processorId":22,"processId":1664936,"cgroupId":1,"threadId":1664936,"parentProcessId":3795408,"hostProcessId":1664936,"hostThreadId":1664936,"hostParentProcessId":3795408,"userId":1000,"mountNamespace":4026531840,"pidNamespace":4026531836,"processName":"exa","hostName":"fujitsu","containerId":"","containerImage":"","containerName":"","podName":"","podNamespace":"","podUID":"","eventId":"257","eventName":"openat","argsNum":4,"returnValue":3,"stackAddresses":null,"syscall":"openat","contextFlags":{"containerStarted":false,"isCompat":false},"args":[{"name":"dirfd","type":"int","value":-100},{"name":"pathname","type":"const char*","value":"/etc/ld.so.cache"},{"name":"flags","type":"int","value":524288},{"name":"mode","type":"mode_t","value":0}]}
+{"timestamp":1657290245020940791,"threadStartTime":615325807626168,"processorId":22,"processId":1664936,"cgroupId":1,"threadId":1664936,"parentProcessId":3795408,"hostProcessId":1664936,"hostThreadId":1664936,"hostParentProcessId":3795408,"userId":1000,"mountNamespace":4026531840,"pidNamespace":4026531836,"processName":"exa","hostName":"fujitsu","containerId":"","containerImage":"","containerName":"","podName":"","podNamespace":"","podUID":"","eventId":"257","eventName":"openat","argsNum":4,"returnValue":3,"stackAddresses":null,"syscall":"openat","contextFlags":{"containerStarted":false,"isCompat":false},"args":[{"name":"dirfd","type":"int","value":-100},{"name":"pathname","type":"const char*","value":"/lib/x86_64-linux-gnu/libgcc_s.so.1"},{"name":"flags","type":"int","value":524288},{"name":"mode","type":"mode_t","value":0}]}
+```
 
-    Check [integrations page](../integrating/go-templates.md) for more info.
+!!! Tip
+    A good tip is to pipe **tracee** json output to [jq]() tool, this way
+    you can select fields, rename them, filter values, and many other things:
+    > ```text
+    > sudo ./dist/tracee -o json -o option:parse-arguments
+    > -trace comm=ping | jq -c '. | {eventId, hostName, processName,
+    > hostProcessId,UserId}'
+    > ```
 
-## Output Files
+### GOB
 
-Tracee gives user the option to select which files they want to use as standard
-output and standard error:
+```text
+$ sudo ./dist/tracee --output json --filter comm=bash --filter follow --filter event=openat
+```
 
-1. Output file
+### GOTEMPLATE
 
-    !!! tip
-        User might use different output formats combined with output file option
+When authoring a Go template the data source is Tracee's `trace.Event` struct, which is defined in `https://github.com/aquasecurity/tracee/blob/main/types/trace/trace.go#L15`.
 
-    ```text
-    $ sudo ./dist/tracee --filter comm=bash --filter follow --filter event=openat --output json:/tmp/tracee.log
-
-    $ cat /tmp/tracee.log | jq -c
-    ```
+Go template can utilize helper functions from [Sprig](http://masterminds.github.io/sprig/).
 
-    ```json
-    {"timestamp":1657291487418386000,"threadStartTime":616568205378363,"processorId":11,"processId":1893369,"cgroupId":1,"threadId":1893369,"parentProcessId":3795408,"hostProcessId":1893369,"hostThreadId":1893369,"hostParentProcessId":3795408,"userId":1000,"mountNamespace":4026531840,"pidNamespace":4026531836,"processName":"exa","hostName":"fujitsu","containerId":"","containerImage":"","containerName":"","podName":"","podNamespace":"","podUID":"","eventId":"257","eventName":"openat","argsNum":4,"returnValue":3,"stackAddresses":null,"syscall":"openat","contextFlags":{"containerStarted":false,"isCompat":false},"args":[{"name":"dirfd","type":"int","value":-100},{"name":"pathname","type":"const char*","value":"/etc/ld.so.cache"},{"name":"flags","type":"int","value":524288},{"name":"mode","type":"mode_t","value":0}]}
-    {"timestamp":1657291487418510000,"threadStartTime":616568205378363,"processorId":11,"processId":1893369,"cgroupId":1,"threadId":1893369,"parentProcessId":3795408,"hostProcessId":1893369,"hostThreadId":1893369,"hostParentProcessId":3795408,"userId":1000,"mountNamespace":4026531840,"pidNamespace":4026531836,"processName":"exa","hostName":"fujitsu","containerId":"","containerImage":"","containerName":"","podName":"","podNamespace":"","podUID":"","eventId":"257","eventName":"openat","argsNum":4,"returnValue":3,"stackAddresses":null,"syscall":"openat","contextFlags":{"containerStarted":false,"isCompat":false},"args":[{"name":"dirfd","type":"int","value":-100},{"name":"pathname","type":"const char*","value":"/lib/x86_64-linux-gnu/libgcc_s.so.1"},{"name":"flags","type":"int","value":524288},{"name":"mode","type":"mode_t","value":0}]}
-    ```
+For example templates, see [tracee/cmd/tracee-rules/templates](https://github.com/aquasecurity/tracee/tree/main/cmd/tracee-rules/templates).
 
-2. Error file
+## Logging
 
-    Redirect logs to a file if needed:
+Redirect logs to a file if needed:
 
-    ```text
-    $ sudo TRACEE_BPF_FILE=do-not-exist ./dist/tracee --filter comm=bash --filter follow --filter event=openat --output json:/tmp/tracee.events --output log-file:/tmp/tracee.log
-    ```
+```text
+$ sudo TRACEE_BPF_FILE=do-not-exist ./dist/tracee --filter comm=bash --filter follow --filter event=openat --output json:/tmp/tracee.events --output log-file:/tmp/tracee.log
+```

docs/docs/outputs/output-options.md

@@ -1,13 +1,8 @@
 # Tracing Output Options
 
-In order to check latest output options you may execute:
+Tracee supports different output options for customizing the way events are printed. For a complete list of available options, run `tracee --output help`.
 
-```text
-$ sudo ./dist/tracee --output help
-$ sudo ./dist/tracee --output option:xxx
-```
-
-Tracee supports different output options for detected events:
+Available options:
 
 1. **option:stack-addresses**  
 

mkdocs.yml

@@ -506,11 +506,6 @@ nav:
           - Getting Started: docs/forensics/index.md
       - Integrations:
           - Container Engines: docs/integrating/container-engines.md
-          - Detected Events:
-              - Go-template: docs/integrating/go-templates.md
-              - Deliver:
-                  - Webhook: docs/integrating/webhook.md
-                  - Postee: docs/integrating/postee.md
           - Prometheus: docs/integrating/prometheus.md
           - Healthz: docs/integrating/healthz.md
       - Deep Dive: