[Bro] "time" format in Bro log files

Robin Sommer robin at icir.org
Thu Sep 24 02:29:30 PDT 2009


On Thu, Sep 24, 2009 at 01:33 -0700, Laleh Arshadi wrote:

> 1235293253.403384 0.062331 79.127.0.27 81.31.174.213 http 51271 80 tcp ? 144 SHR X cc=1
> 
> The problem is I cannot interpret the time record (1235293253.403384). Can you please help me?

It's a Unix timestamp, i.e., seconds since Jan 1, 1970. To get
something more readable, pipe the conn.log through the cf tool in
aux/cf.

Robin

-- 
Robin Sommer * Phone +1 (510) 666-2886 * robin at icir.org 
ICSI/LBNL    * Fax   +1 (510) 666-2956 *   www.icir.org
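For readers without the cf tool at hand, the conversion described in the reply can be sketched as a small filter. This is an added example, not part of the original message and not the cf tool's code; it assumes the timestamp is the first whitespace-separated field of each line and prints it in UTC.

```python
import re
import sys
from datetime import datetime, timedelta, timezone
from decimal import Decimal, InvalidOperation

EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)

# The log line quoted in the thread, embedded so the example runs offline.
SAMPLE = ("1235293253.403384 0.062331 79.127.0.27 81.31.174.213 "
          "http 51271 80 tcp ? 144 SHR X cc=1\n")


def format_ts(raw):
    """Turn 'seconds.fraction' since the Unix epoch into a UTC string."""
    value = Decimal(raw)  # Decimal keeps the six fractional digits exact
    if not value.is_finite():
        raise ValueError("not a finite timestamp: %r" % raw)
    secs = int(value)
    micros = int((value - secs) * 1_000_000)
    moment = EPOCH + timedelta(seconds=secs, microseconds=micros)
    return moment.strftime("%Y-%m-%dT%H:%M:%S.%fZ")


def convert_line(line):
    """Rewrite the leading timestamp of one log line; keep the rest as-is."""
    match = re.match(r"(\S+)(.*)", line, re.S)
    if not match:
        return line  # blank line
    try:
        stamp = format_ts(match.group(1))
    except (InvalidOperation, ValueError, OverflowError):
        return line  # comment, header or any line not starting with a number
    return stamp + match.group(2)


if __name__ == "__main__":
    # Filter mode: python3 this_script.py < conn.log
    for log_line in sys.stdin:
        sys.stdout.write(convert_line(log_line))
```

Timestamps are rendered in UTC so that logs from sensors in different time zones line up during correlation.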


