[Bro] Format of log file

Jean-Philippe Luiggi jp.luiggi at free.fr
Mon Jul 30 10:31:42 PDT 2007


On Mon, Jul 30, 2007 at 08:58:38AM -0700, Vern Paxson wrote:
> Historically each file has used fixed-column format, without tags to
> indicate the meaning of the column.  We've started migrating to tags for
> just the reason you cite, to make it easier to write back-end parsers.
> However, this effort is not complete.

  Ok, I understand, it sounds good.

> In the interim you might consider writing helper scripts that will
> translate the different log files into a tagged format.

  Ok, no problem for this.

> By normal time do you mean human-readable timestamps?  If so, you can achieve
> that using the "cf" tool in aux/cf - except it presently expects timestamps
> to start at the beginning of each line, so you'd need to extend it to know
> about t=<timestamp>.  (If you do, please send us a patch for the addition.)
> 		Vern

  What I thought about was to have the choice to have directly in the log a
  human-readable format for time.
  I'll work as soon as possible on "cf" as suggested. :-)
  Best regards,
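
A sketch of the helper discussed in this thread, added here as an example; it is not part of the original messages and is not Bro's "cf" tool. It assumes timestamps are Unix epoch seconds (optionally fractional), prints them as UTC, and uses a hypothetical function name `humanize`; the sample lines in the comments are constructed.

```python
import re
import sys
from datetime import datetime, timezone

# A timestamp at the start of the line (the only form "cf" is described
# as handling) ...
_LEADING = re.compile(r"^(\d{9,10}(?:\.\d+)?)(?=\s|$)")
# ... or a t=<timestamp> tag anywhere on the line. The lookbehind keeps
# other tags that merely end in "t=" (e.g. a constructed "start=") intact.
_TAGGED = re.compile(r"(?<![\w.])t=(\d{9,10}(?:\.\d+)?)(?=\s|$)")


def _fmt(epoch_text):
    """Render epoch seconds as an ISO-8601 UTC string (sub-second part dropped)."""
    ts = datetime.fromtimestamp(float(epoch_text), tz=timezone.utc)
    return ts.strftime("%Y-%m-%dT%H:%M:%SZ")


def humanize(line):
    """Rewrite a leading timestamp and any t=<timestamp> tag; leave the rest as-is."""
    line = _LEADING.sub(lambda m: _fmt(m.group(1)), line, count=1)
    return _TAGGED.sub(lambda m: "t=" + _fmt(m.group(1)), line)


if __name__ == "__main__":
    # Filter usage: python humanize.py < some.log
    # Constructed input lines this handles:
    #   1185816702.250000 10.0.0.1 > 10.0.0.2 http
    #   no=AddressScan start=1185816702 t=1185816702.5
    for raw in sys.stdin:
        sys.stdout.write(humanize(raw))
```

Lines without a recognizable timestamp pass through unchanged, so the filter can be run over mixed fixed-column and tagged logs.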
