[Bro] Format of log file

Jean-Philippe Luiggi jp.luiggi at free.fr
Mon Jul 30 07:43:23 PDT 2007


I've a little question,  why do we've some files (log) which start with 
t=<epoch_time>, example : alarm/notice and others with just <epoch_time>,
example : arp/conn ?
I ask this because i'm writing a little script and it'll 
be more easy to only have one format. :-)

Another thing, i'm thinking about adding one more parameter in bro.cfg, we
may use it to specify if we want the log's time in epoch 's time or 'normal'
What to do think about this ?

Best regards,


More information about the Bro mailing list