bro-cut - parse bro logs

Author

bro-cut was written by The Bro Project <info@bro.org>.

       This  manual page was written by Raúl Benencia <rul@kalgan.cc> for the Debian project (but may be used by
       others).

bro-cut                                           November 2014                                       BRO-CUT(1)

Description

       Extracts  the  given  columns  from an ASCII Bro log on standard input.  If no columns are given, all are
       selected. By default, bro-cut does not include format header blocks into the output.

Environment

BRO_CUT_TIMEFMT
              For the time conversion, the format string  can  also  be  specified  by  setting  an  environment
              variable $BRO_CUT_TIMEFMT

Examples

cat conn.log | bro-cut-d ts id.orig_h id.orig_p

Name

       bro-cut - parse bro logs

Options

-c     Include the first format header block into the output.

       -C     Include all format header blocks into the output.

       -d     Convert time values into human-readable format (needs gawk).

       -D <fmt> Like -d, but specify format for time (see strftime(3) for syntax).

       -F <ofs> Sets a different output field separator.

       -n     Print all fields *except* those specified.

       -u     Like -d, but print timestamps in UTC instead of local time (needs gawk).

       -U <fmt> Like -D, but print timestamps in UTC instead of local time (needs gawk).