[Bro-Dev] bro-cut

Matthias Vallentin vallentin at icir.org
Thu Oct 27 12:37:45 PDT 2011


> I'm thinking bro-cut is something worth installing by default into
> $prefix/bin/, even though it's living in bro-aux.

Yup, that tool is really handy and I am using it right away for the
workshop exercises. A few comments:

    - Neither -h nor --help seems to be a valid switch, although they
      "correctly" display the usage.

    - The usage currently ends with

        For time conversion, the def

      Something seems to be missing.

    - Would you mind adding a way to specify an output separator (OFS in
      awk)? For example, when concatenating URLs from http.log, I would
      like to do something along the lines of:

        bro-cut -F '' host uri < http.log

      to get output in this form:

        mt1.google.com/vt/lyrs=m@162254822&hl=en&x=657&y=1581&z=12&s=
        mt0.google.com/vt/lyrs=m@162249697&hl=en&x=656&y=1581&z=12&s=Galil

    Matthias
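
Added example, not part of the original post and not bro-cut's own code: one way to get the host+uri concatenation requested above with a small awk wrapper that resolves column names from the log's #fields header and joins them with a caller-chosen separator. The function names bro_join and sample_http_log and the sample log lines are constructed for illustration.

```shell
# bro_join SEP FIELD... : read a tab-separated Bro log on stdin and print the
# named columns joined by SEP (SEP may be the empty string).
bro_join() {
    sep=$1; shift
    awk -F '\t' -v OFS="$sep" -v want="$*" '
        BEGIN { n = split(want, names, " ") }
        # "#fields<TAB>ts<TAB>uid..." maps names to data columns; the
        # header token itself occupies $1, so data column = i - 1.
        /^#fields/ { for (i = 2; i <= NF; i++) col[$i] = i - 1; next }
        /^#/ { next }   # skip the remaining header lines
        {
            line = ""
            for (i = 1; i <= n; i++) {
                if (!(names[i] in col)) {
                    print "unknown field: " names[i] > "/dev/stderr"
                    exit 1
                }
                line = line (i > 1 ? OFS : "") $(col[names[i]])
            }
            print line
        }'
}

# Constructed sample input in the shape of an http.log (not real traffic).
sample_http_log() {
    printf '#separator \\x09\n'
    printf '#path\thttp\n'
    printf '#fields\tts\tuid\thost\turi\n'
    printf '1319744265.10\tAbCd1\twww.example.com\t/index.html\n'
    printf '1319744266.25\tEfGh2\timg.example.net\t/a.png?x=1&y=2\n'
}

# Usage: concatenate host and uri with no separator between them.
sample_http_log | bro_join '' host uri
```

Because columns are looked up by name, a misspelled field makes the function fail with a non-zero exit status instead of silently printing the wrong column.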

