[Bro] Bro Log Analysis - by CIDR

Ryan iamreck at gmail.com
Wed Apr 29 11:17:21 PDT 2015


Ah - Very nice. Thank you for pointing that out Paul.

Ryan Peck


On Wed, Apr 29, 2015 at 2:14 PM, Paul Halliday <paul.halliday at gmail.com> wrote:

> Not sure if this helps:
> https://www.bro.org/sphinx/components/pysubnettree/README.html
>
> On Wed, Apr 29, 2015 at 2:49 PM, Ryan <iamreck at gmail.com> wrote:
> > If I do write a Python script to do this - I'm heavily inclined to use
> > Python 3 (for the ipaddress Module).
> >
> > Ryan Peck
> >
> >
> > On Wed, Apr 29, 2015 at 9:42 AM, Ryan <iamreck at gmail.com> wrote:
> >>
> >> I'm looking at analyzing bro logs, filtering by an arbitrary CIDR.
> >>
> >> Before I go write a Python script that will handle this - I was wondering
> >> if something already existed.
> >>
> >> As an example -
> >>
> >>     zcat ssl.12\:00\:00-13\:00\:00.log.gz | bro-cut server_name id.orig_h
> >> | by_CIDR.py 129.21.1.0/23
> >>
> >> I was also contemplating modifying bro-cut to handle this.
> >>
> >> Thanks,
> >> Ryan
> >
> >
> >
> > _______________________________________________
> > Bro mailing list
> > bro at bro-ids.org
> > http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>
>
>
> --
> Paul Halliday
> http://www.pintumbler.org/
>
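The thread describes a filter that sits at the end of a `bro-cut` pipeline and keeps only rows whose IP field falls inside a CIDR, using Python 3's `ipaddress` module. The script below is an added, self-contained example written for this page; it is not Ryan's `by_CIDR.py`, not part of bro-cut, and not pysubnettree. It assumes bro-cut's default tab-separated output, a `-c` option (hypothetical, chosen here) to pick which field holds the address (default: the last field, matching `bro-cut server_name id.orig_h`), and it goes slightly beyond the thread by accepting several prefixes and IPv6. Bro writes `-` for unset fields, so those and any unparsable field are treated as non-matching rather than aborting the pipeline. Each membership test is linear in the number of prefixes; for large prefix lists the pysubnettree package Paul linked is the better fit.

```python
#!/usr/bin/env python3
"""by_CIDR.py (illustrative): keep bro-cut rows whose IP field is inside one or more CIDRs.

Usage, reading tab-separated bro-cut output on stdin (hypothetical -c option picks the field):
    zcat ssl.log.gz | bro-cut server_name id.orig_h | python3 by_CIDR.py 129.21.1.0/23
"""
import argparse
import ipaddress
import sys
from typing import Iterable, Iterator, List, Union

Network = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]

# Constructed sample of `bro-cut server_name id.orig_h` output; not real log data.
SAMPLE = [
    "example.com\t129.21.1.10",
    "example.org\t10.0.0.5",
    "-\t129.21.0.255",            # unset server_name; 129.21.0.255 is still inside 129.21.1.0/23
    "example.net\t2001:db8::1",   # IPv6 address, as Bro can emit
    "broken\tnot-an-ip",          # malformed field must not crash the filter
]


def parse_networks(cidrs: Iterable[str]) -> List[Network]:
    """Parse CIDR strings; strict=False tolerates host bits set (129.21.1.5/23 -> 129.21.0.0/23)."""
    return [ipaddress.ip_network(c, strict=False) for c in cidrs]


def ip_in_networks(field: str, networks: List[Network]) -> bool:
    """True if the field parses as an IP address inside any of the networks.

    Bro's unset marker '-' and unparsable fields never match.
    """
    if field == "-":
        return False
    try:
        addr = ipaddress.ip_address(field)
    except ValueError:
        return False
    return any(addr in net for net in networks)


def filter_lines(lines: Iterable[str], networks: List[Network],
                 column: int = -1, sep: str = "\t") -> Iterator[str]:
    """Yield lines whose `column`-th field (0-based; negative counts from the end) matches.

    Lines starting with '#' (the header block bro-cut keeps with -c) are passed through.
    """
    for line in lines:
        line = line.rstrip("\n")
        if not line:
            continue
        if line.startswith("#"):
            yield line
            continue
        fields = line.split(sep)
        try:
            field = fields[column]
        except IndexError:
            continue  # short or malformed row: nothing to test
        if ip_in_networks(field, networks):
            yield line


def main(argv=None) -> int:
    ap = argparse.ArgumentParser(description="filter bro-cut output by CIDR")
    ap.add_argument("cidrs", nargs="+", help="one or more prefixes, e.g. 129.21.1.0/23")
    ap.add_argument("-c", "--column", type=int, default=-1,
                    help="0-based index of the IP field (default: last field)")
    args = ap.parse_args(argv)
    for out in filter_lines(sys.stdin, parse_networks(args.cidrs), args.column):
        print(out)
    return 0


if __name__ == "__main__":
    sys.exit(main())
```

Running `filter_lines(SAMPLE, parse_networks(["129.21.1.0/23"]))` keeps only the first and third sample rows, since a /23 at 129.21.1.0 spans 129.21.0.0 through 129.21.1.255; the same function with `2001:db8::/32` keeps only the IPv6 row.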