[Bro] Help with searching logs
Michael Bower
mbower2 at gmail.com
Tue Apr 2 17:19:13 PDT 2013
I'm still learning, so bear with me. I ran the following command:
bro-cut id.orig_h orig_bytes < conn.log \
    | sort \
    | awk '{
        # input is sorted by originator, so a change in $1 means a new host
        if (host != $1) {
            # emit the total for the previous host (not the new one in $1)
            if (size != 0)
                print host, size;
            host = $1;
            size = $2;   # count the first record of the new host too
        } else
            size += $2
      }
      END {
          # flush the last host
          if (size != 0)
              print host, size
      }' \
    | sort -rnk 2 \
    | head -n 10
This worked well to show me the top 10 hosts (originators). What I'm
trying to do is show the top 10 hosts and the time (ts). Maybe show
the resp_bytes field too, if that is possible. Any help would be
greatly appreciated.
Thanks!
--
Mike
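One way to get the per-originator totals together with a timestamp and resp_bytes, as an added example that is not part of the original post: it assumes the fields were pulled out with `bro-cut ts id.orig_h orig_bytes resp_bytes < conn.log`, interprets "the time" as the earliest ts seen for each originator (an assumption), treats Bro's "-" for an unset field as 0, and ranks by orig_bytes. The function names and the sample records are constructed for this example.

```shell
#!/bin/sh
# Added example (not from the original post). Reads the tab-separated output of
#   bro-cut ts id.orig_h orig_bytes resp_bytes < conn.log
# on stdin and prints: originator, first ts seen, total orig_bytes, total resp_bytes
# for the top 10 originators by orig_bytes.
top_originators() {
    awk '
        BEGIN { FS = "\t" }
        # Bro writes "-" for an unset field; count it as 0 instead of a string
        function num(v) { return (v == "-") ? 0 : v + 0 }
        {
            h = $2
            # keep the earliest ts per host (assumption: "time" = first seen)
            if (!(h in orig) || $1 < first_ts[h]) first_ts[h] = $1
            orig[h] += num($3)
            resp[h] += num($4)
        }
        END {
            for (h in orig)
                printf "%s\t%s\t%d\t%d\n", h, first_ts[h], orig[h], resp[h]
        }' \
    | sort -k3,3rn \
    | head -n 10
}

# Constructed sample records in bro-cut order: ts, id.orig_h, orig_bytes, resp_bytes.
# Includes unsorted timestamps and "-" fields to exercise both edge cases.
sample_conn() {
    printf '%s\t%s\t%s\t%s\n' \
        1364946000.123456 10.0.0.5 500  2000 \
        1364946010.000000 10.0.0.7 100  300  \
        1364946020.500000 10.0.0.5 1000 3000 \
        1364946005.000000 10.0.0.9 -    50   \
        1364946030.000000 10.0.0.7 150  -
}

# Usage with the constructed data (swap in the bro-cut pipeline for a real conn.log):
#   sample_conn | top_originators
```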