[Bro] quick question
dnthayer at illinois.edu
Tue Apr 30 13:29:59 PDT 2013
On 04/30/2013 03:01 PM, Allen, Brian wrote:
> Hi, I installed Bro here and I can already tell it is extremely useful.
> I'm just learning how to use it so I have lots of questions. Here are
> a couple quick ones:
> When parsing through the bro log files, how do I turn the timestamp
> column into something human readable? Where would I go to find this
> answer on my own? Is there a newbie guide to bro I should be reading?
> I don't see how to search this mailing list's archives.
> Brian Allen
> Network Security Analyst
> Washington University
There's a command "bro-cut" that should be installed in
the same directory as "bro". Run bro-cut with an invalid
option (such as "bro-cut -x") and it will output a usage
message. There are several command-line options to convert
timestamps to human-readable format.

If you look at any email that was sent out to the mailing list,
there is a link to the mailing list archives at the bottom
of the message.

The Bro documentation is at http://bro.org/documentation/index.html
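
The timestamp conversion discussed in this thread, written out as an added example that is not part of the original message and is not bro-cut's own code: a Python sketch that reads the "#separator", "#unset_field" and "#types" header lines of a Bro ASCII log and renders every column of type "time" in UTC. The sample log, its uid values and the function name humanize_times are constructed for illustration.

```python
from datetime import datetime, timezone

# Constructed sample in Bro's tab-separated ASCII log layout (not real traffic).
SAMPLE_LOG = "\n".join([
    "#separator \\x09",
    "#set_separator\t,",
    "#empty_field\t(empty)",
    "#unset_field\t-",
    "#path\tconn",
    "#fields\tts\tuid\tid.orig_h\tid.resp_p\tduration",
    "#types\ttime\tstring\taddr\tport\tinterval",
    "1367353799.123456\tCexample1\t192.0.2.10\t53\t0.250000",
    "-\tCexample2\t198.51.100.7\t443\t-",
    "#close\t2013-04-30-13-30-00",
])

def humanize_times(lines, fmt="%Y-%m-%dT%H:%M:%S%z"):
    """Yield data rows with each column of type `time` formatted in UTC."""
    sep, unset, time_cols = "\t", "-", set()
    for line in lines:
        line = line.rstrip("\n")
        if line.startswith("#separator"):
            # This one header line is space-delimited and \xNN-escaped.
            sep = line.split(" ", 1)[1].encode().decode("unicode_escape")
        elif line.startswith("#unset_field"):
            unset = line.split(sep, 1)[1]
        elif line.startswith("#types"):
            # Find time columns by declared type, not by the name "ts".
            types = line.split(sep)[1:]
            time_cols = {i for i, t in enumerate(types) if t == "time"}
        elif line.startswith("#") or not line:
            continue  # other metadata (#path, #fields, #close) or blank line
        else:
            row = line.split(sep)
            for i in time_cols:
                # Leave unset values ("-") alone instead of failing on float().
                if i < len(row) and row[i] != unset:
                    ts = datetime.fromtimestamp(float(row[i]), tz=timezone.utc)
                    row[i] = ts.strftime(fmt)
            yield row

if __name__ == "__main__":
    for row in humanize_times(SAMPLE_LOG.splitlines()):
        print("\t".join(row))
```

Keying on the "#types" line means the interval column (duration) is left as seconds, and rendering in UTC keeps logs from sensors in different time zones comparable.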