[Bro-Dev] bro-cut
Matthias Vallentin
vallentin at icir.org
Thu Oct 27 12:37:45 PDT 2011
> I'm thinking bro-cut is something worth installing by default into
> $prefix/bin/, even though it's living in bro-aux.
Yup, that tool is really handy and I am using it right away for the
workshop exercises. A few comments:
- Neither -h nor --help seem to be a valid switch, although they
"correctly" display the usage.
- The usage currently ends with
For time conversion, the def
Something seems to miss.
- Would you mind adding a way to specify an output separator (OFS in
awk)? For example, when concatenating URLs from http.log, I would
like to do something along the lines of:
bro-cut -F '' host uri < http.log
to get output in this form:
mt1.google.com/vt/lyrs=m at 162254822&hl=en&x=657&y=1581&z=12&s=
mt0.google.com/vt/lyrs=m at 162249697&hl=en&x=656&y=1581&z=12&s=Galil
Matthias
More information about the bro-dev
mailing list