Wed Jan 28 19:00:27 PST 2004

> I would like to convert the timestamp of the
> output trace to human-readable format.  Bro's manual describes a cf tool
> that can do this job.  However, I could not find this utility.  May I know
> where can I find this utility and how to use it?  Thank you.

There's no man page, but it'll tell you:

% /usr/local/bin/cf -h
cf version 1.1
usage: cf [-f fmt] [-lsu] [file ...]

I just happen to know that "-f fmt" is a timestamp format, eg:

% echo 987987987 | /usr/local/bin/cf
Apr 22 18:06:27

% echo 987987987 | /usr/local/bin/cf -f '%c'
Sun Apr 22 18:06:27 2001

% echo 987987987 | /usr/local/bin/cf -f '%Y-%m-%d %H:%M:%S'
2001-04-22 18:06:27


