[Bro-Dev] #657: Change bro-cut for general timestamp conversion.
Bro Tracker
bro at tracker.bro-ids.org
Wed Nov 2 08:08:56 PDT 2011
-----------------------------+------------------------
Reporter: seth | Owner: robin
Type: Feature Request | Status: new
Priority: Normal | Milestone: Bro2.0
Component: bro-aux | Version: git/master
Keywords: |
-----------------------------+------------------------
It should be possible to not give bro-cut any fields to cut out to get
everything passed through but still convert timestamps. This is
particularly relevant due to the removal of cf from the base distribution
and especially makes sense in light of logs that are self-descriptive and so
not limited to timestamps in the first column.
This should work:
{{{
cat conn.log | bro-cut -d
}}}
Since bro-cut is basically just an awk program anyway, this should work
too (it would be relatively easy to add, right?):
{{{
cat conn.log | bro-cut -c id.orig_h=1.2.3.4
}}}
I'm using "-c" above as "condition". This may be too much for now, though;
the all-fields timestamp thing is important (due to lack of cf).
--
Ticket URL: <http://tracker.bro-ids.org/bro/ticket/657>
Bro Tracker <http://tracker.bro-ids.org/bro>
Bro Issue Tracker
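
As an added illustration of the behaviour this ticket requests (not bro-cut's code and not part of the ticket), the following Python example passes every field through, converts each column whose `#types` entry is `time` wherever it sits, and optionally applies a `field=value` condition like the proposed `-c`. The sample log is constructed, the `#fields`/`#types` header layout is assumed to follow Bro 2.x ASCII logs, and `convert_log` and its `condition` parameter are hypothetical names.

```python
from datetime import datetime, timezone

# Constructed sample in the Bro 2.x ASCII log layout (tab-separated, with
# "#fields" and "#types" header lines). All values are made up.
SAMPLE_LOG = (
    "#separator \\x09\n"
    "#path\tconn\n"
    "#fields\tuid\tts\tid.orig_h\tid.resp_h\tlast_seen\n"
    "#types\tstring\ttime\taddr\taddr\ttime\n"
    "Cab1\t1320246536.000000\t1.2.3.4\t10.0.0.5\t1320246540.500000\n"
    "Cab2\t1320246537.250000\t5.6.7.8\t10.0.0.5\t-\n"
)

def convert_log(lines, condition=None):
    """Pass all fields through, rewriting columns whose type is 'time'.

    condition is an optional (field, value) pair mirroring the proposed
    "-c id.orig_h=1.2.3.4"; only records that match are emitted.
    """
    fields, time_cols, out = [], [], []
    for line in lines:
        line = line.rstrip("\n")
        if line.startswith("#"):
            parts = line.split("\t")
            if parts[0] == "#fields":
                fields = parts[1:]
            elif parts[0] == "#types":
                # Time columns are found by type, not by position.
                time_cols = [i for i, t in enumerate(parts[1:]) if t == "time"]
            out.append(line)  # header lines pass through untouched
            continue
        cols = line.split("\t")
        if condition and dict(zip(fields, cols)).get(condition[0]) != condition[1]:
            continue
        for i in time_cols:
            try:
                ts = float(cols[i])
            except (ValueError, IndexError):
                continue  # unset ("-") or malformed value: leave as is
            cols[i] = datetime.fromtimestamp(ts, timezone.utc).strftime(
                "%Y-%m-%dT%H:%M:%SZ")
        out.append("\t".join(cols))
    return out

if __name__ == "__main__":
    print("\n".join(convert_log(SAMPLE_LOG.splitlines(), ("id.orig_h", "1.2.3.4"))))
```
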