[Bro] bro-cut -c vs -C
dnthayer at illinois.edu
Sat Sep 24 07:38:42 PDT 2016
On 9/24/16 7:49 AM, Harry Hoffman wrote:
> Hi Folks,
> I can't tell if I'm reading the man page for bro-cut incorrectly or if
> there's a bug.
> bro-cut -c and bro-cut -C seem to output the same headers. The man page states:
> -c Include the first format header block into the output.
> -C Include all format header blocks into the output.
> Can someone tell me what the difference should be?
The -C option is useful when bro-cut is reading more than one log file,
because it allows you to see the boundaries between each log file.
gunzip -c conn.*.log.gz | bro-cut -C
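
Added example (not part of the original message and not bro-cut's own code): a Python sketch of what the repeated header blocks make possible, namely splitting a concatenated stream back into per-file segments. The log content is constructed, and `first_header_only` is a simplified stand-in for -c as the man page text quoted above describes it.

```python
# Added example, not bro-cut source code. All log content below is constructed.
def make_log(opened, closed, rows):
    """Build one constructed conn log with a standard Bro ASCII header block."""
    header = [
        "#separator \\x09", "#set_separator\t,", "#empty_field\t(empty)",
        "#unset_field\t-", "#path\tconn", "#open\t" + opened,
        "#fields\tts\tuid\tid.orig_h", "#types\ttime\tstring\taddr",
    ]
    return "\n".join(header + rows + ["#close\t" + closed]) + "\n"

# Two rotated logs back to back, as `gunzip -c conn.*.log.gz` would emit them.
SAMPLE = (
    make_log("2016-09-24-00-00-00", "2016-09-24-01-00-00",
             ["1474675200.1\tCaaa1\t192.0.2.10", "1474675260.2\tCaaa2\t192.0.2.11"])
    + make_log("2016-09-24-01-00-00", "2016-09-24-02-00-00",
               ["1474678800.3\tCbbb1\t198.51.100.7"])
)

def split_segments(stream):
    """Return one dict per header block found in a concatenated log stream."""
    segments, current = [], None
    for line in stream.splitlines():
        if line.startswith("#separator") or current is None:
            current = {"open": None, "close": None, "fields": [], "rows": []}
            segments.append(current)
        if line.startswith("#"):
            key, _, value = line[1:].partition("\t")
            if key in ("open", "close"):
                current[key] = value
            elif key == "fields":
                current["fields"] = value.split("\t")
        elif line:
            current["rows"].append(dict(zip(current["fields"], line.split("\t"))))
    return segments

def first_header_only(stream):
    """Simplified stand-in for -c as the man page words it: keep '#' lines
    only until the first data row, then drop every later '#' line."""
    out, seen_data = [], False
    for line in stream.splitlines():
        seen_data = seen_data or not line.startswith("#")
        if not (line.startswith("#") and seen_data):
            out.append(line)
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    for label, text in (("all headers", SAMPLE), ("first only", first_header_only(SAMPLE))):
        print(label, [(s["open"], len(s["rows"])) for s in split_segments(text)])
```

With every header block kept, the two files come back as two segments with their own #open and #close times; with only the first block kept, all three rows fall into one segment and the file boundary is lost.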