[Bro] Running racluster but with a time frame

Monah Baki monahbaki at gmail.com
Thu Aug 28 10:18:31 PDT 2014

Hi all,

I need to run the following command "racluster -r
argus.2014. -s stime daddr -s stime saddr daddr
trans" but to display only events from 10:00am to 10:15am.

How can I accomplish this?


More information about the Bro mailing list