[Bro] "time" format in Bro log files
Robin Sommer
robin at icir.org
Thu Sep 24 02:29:30 PDT 2009
On Thu, Sep 24, 2009 at 01:33 -0700, Laleh Arshadi wrote:
> 1235293253.403384 0.062331 79.127.0.27 81.31.174.213 http 51271 80 tcp ? 144 SHR X cc=1
>
> The problem is I cannot interpret the time record (1235293253.403384). Can you please help me?
It's a Unix timestamp, i.e., seconds since Jan 1, 1970. To get
something more readable, pipe the conn.log through the cf tool in
aux/cf.
Robin
--
Robin Sommer * Phone +1 (510) 666-2886 * robin at icir.org
ICSI/LBNL * Fax +1 (510) 666-2956 * www.icir.org
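
The conversion described in the reply, as an added example (it is not part of the original message and is not the code of the cf tool). It rewrites the leading Unix timestamp of each log line as a UTC time; the function name and the ISO 8601 output format are choices made here.

```python
import re
import sys
from datetime import datetime, timezone

# Log line quoted in the question above.
SAMPLE = ("1235293253.403384 0.062331 79.127.0.27 81.31.174.213 "
          "http 51271 80 tcp ? 144 SHR X cc=1\n")

# Leading field: epoch seconds, optional fraction, then the rest of the line.
_TS = re.compile(r"^([0-9]+)(?:\.([0-9]+))?(\s.*)?$", re.S)


def convert_line(line):
    """Replace a leading Unix timestamp with a single-field UTC time.

    Lines that do not start with a timestamp (comments, blank or
    truncated lines) are returned unchanged.
    """
    m = _TS.match(line)
    if not m:
        return line
    secs, frac, rest = m.group(1), m.group(2) or "", m.group(3) or ""
    try:
        dt = datetime.fromtimestamp(int(secs), tz=timezone.utc)
    except (OverflowError, OSError, ValueError):
        return line  # value outside the representable date range
    # Take the fraction from the text, not from a float, so the
    # microseconds are exactly the digits written in the log.
    micros = (frac + "000000")[:6]
    # No space inside the result, so column positions stay the same.
    return dt.strftime("%Y-%m-%dT%H:%M:%S") + "." + micros + "Z" + rest


def main():
    # Filter stdin when piped; otherwise show the sample line converted.
    lines = [SAMPLE] if sys.stdin.isatty() else sys.stdin
    for line in lines:
        sys.stdout.write(convert_line(line))


if __name__ == "__main__":
    main()
```

Times are printed in UTC; when correlating with other logs, confirm which time zone those sources use before comparing.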