[Bro] quick question

Daniel Thayer dnthayer at illinois.edu
Tue Apr 30 13:29:59 PDT 2013


On 04/30/2013 03:01 PM, Allen, Brian wrote:
> Hi, I installed Bro here and I can already tell it is extremely useful.
> I'm just learning how to use it so I have lots of questions.  Here are
> a couple quick ones:
>
> When parsing through the Bro log files, how do I turn the timestamp
> column into something human readable?  Where would I go to find this
> answer on my own?  Is there a newbie guide to Bro I should be reading?
> I don't see how to search this mailing list's archives.
>
> Thanks,
> -Brian
>
> Brian Allen
> Network Security Analyst
> Washington University
>
>
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>

There's a command "bro-cut" that should be installed in
the same directory as "bro".  Run bro-cut with an invalid
option (such as "bro-cut -x") and it will output a usage
message.  There are several command-line options to convert
timestamps to human-readable format.

If you look at any email that was sent out to the mailing list,
there is a link to the mailing list archives at the bottom
of the message.

The Bro documentation is at http://bro.org/documentation/index.html
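
What that timestamp conversion amounts to, as an added example that is not part of the original message or of Bro itself: Bro's tab-separated ASCII logs store time columns as Unix epoch seconds with a fractional part, and the `#fields` and `#types` header lines say which columns those are. The log lines below are constructed, the function names are this example's own, and it goes slightly beyond the `ts` column by converting every column typed `time`.

```python
from datetime import datetime, timezone

# Constructed sample in Bro's tab-separated ASCII log layout (not real traffic).
SAMPLE_LOG = "\n".join([
    "#separator \\x09",
    "#unset_field\t-",
    "#path\tconn",
    "#fields\tts\tuid\tid.orig_h\tid.resp_h\tproto",
    "#types\ttime\tstring\taddr\taddr\tenum",
    "1367353799.123456\tCsample0000000001\t192.0.2.10\t198.51.100.5\ttcp",
    "1367353800.000001\tCsample0000000002\t192.0.2.11\t198.51.100.5\tudp",
    "#close\t2013-04-30-20-30-01",
])

def epoch_to_utc(value):
    """Convert 'seconds.fraction' text to ISO 8601 UTC, keeping the fraction verbatim."""
    seconds, _, fraction = value.partition(".")
    stamp = datetime.fromtimestamp(int(seconds), tz=timezone.utc)
    text = stamp.strftime("%Y-%m-%dT%H:%M:%S")
    return text + ("." + fraction if fraction else "") + "Z"

def humanize(log_text):
    """Return data rows as dicts, with every column typed 'time' made readable."""
    sep, unset, fields, types, rows = "\t", "-", [], [], []
    for line in log_text.splitlines():
        if line.startswith("#separator"):
            # The separator line itself is space-delimited and escaped (\x09).
            sep = line.split(" ", 1)[1].encode().decode("unicode_escape")
        elif line.startswith("#"):
            key, *values = line[1:].split(sep)
            if key == "fields":
                fields = values
            elif key == "types":
                types = values
            elif key == "unset_field":
                unset = values[0]
        elif line:
            cells = line.split(sep)
            for i, (kind, cell) in enumerate(zip(types, cells)):
                # Unset values (default "-") are left untouched.
                if kind == "time" and cell != unset:
                    cells[i] = epoch_to_utc(cell)
            rows.append(dict(zip(fields, cells)))
    return rows

if __name__ == "__main__":
    for row in humanize(SAMPLE_LOG):
        print(row["ts"], row["id.orig_h"], "->", row["id.resp_h"], row["proto"])
```

The fractional part is carried over as text rather than parsed as a float, so sub-second ordering between events is not lost to rounding.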



