[Bro] Help with searching logs
Michael Bower
mbower2 at gmail.com
Mon Mar 25 08:01:07 PDT 2013
I'm still learning, so bear with me. I ran the following command:
bro-cut id.orig_h orig_bytes < conn.log \
  | sort \
  | awk '{
      if (host != $1) {
        # new originator: emit the finished total for the previous host,
        # then start the count with this line (not with zero)
        if (size != 0) print host, size
        host = $1
        size = $2
      } else
        size += $2
    }
    END {
      # flush the last host after the final line
      if (size != 0) print host, size
    }' \
  | sort -rnk 2 \
  | head -n 10
This worked well to show me the top 10 hosts (originators). What I'm trying
to do is show the top 10 hosts and the time (ts). Maybe show
the resp_bytes field too, if that is possible. Any help would be
greatly appreciated.
Thanks!
--
Mike
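The following is an added example, not part of the original post, showing one way to get what the poster asks for: the top originators by bytes sent, each with the timestamps of its first and last connection and its total resp_bytes. It assumes the input is the four tab-separated columns that `bro-cut ts id.orig_h orig_bytes resp_bytes < conn.log` emits, in that order; the function name `top_originators` and the sample rows are constructed for this example and are not real traffic.

```shell
# Added example (not from the original post): per-originator totals with timestamps.
# Expected input: the four tab-separated columns that
#   bro-cut ts id.orig_h orig_bytes resp_bytes < conn.log
# emits, in that order. Output per host, space-separated:
#   id.orig_h first_ts last_ts total_orig_bytes total_resp_bytes connection_count
# sorted by total_orig_bytes, descending, limited to N rows (default 10).
top_originators() {
  n=${1:-10}
  awk -F'\t' '
    # Bro writes "-" for an unset field; count it as zero bytes.
    function num(v) { return (v == "-" || v == "") ? 0 : v + 0 }
    {
      ts = $1; h = $2
      if (!(h in orig)) { first[h] = ts; last[h] = ts }
      if (ts < first[h]) first[h] = ts   # earliest connection from this host
      if (ts > last[h])  last[h]  = ts   # most recent one
      orig[h] += num($3)
      resp[h] += num($4)
      conns[h]++
    }
    END {
      # Same rule as the pipeline in the post: hosts that sent nothing are skipped.
      for (h in orig)
        if (orig[h] != 0)
          print h, first[h], last[h], orig[h], resp[h], conns[h]
    }' | sort -rnk 4 | head -n "$n"
}

# Constructed sample standing in for bro-cut output (hypothetical hosts, not real traffic).
sample_input() {
  printf '%s\t%s\t%s\t%s\n' \
    1364224800.100000 10.0.0.5     2000 100000 \
    1364224801.200000 192.168.1.10  300   4000 \
    1364224805.000000 10.0.0.5     3000  20000 \
    1364224810.300000 172.16.0.7      -      - \
    1364224815.000000 192.168.1.10  900   1500 \
    1364224820.500000 10.0.0.5        0     50
}

# Stand-alone run on the sample; with real data use:
#   bro-cut ts id.orig_h orig_bytes resp_bytes < conn.log | top_originators 10
sample_input | top_originators 10
```

Because the awk keeps one accumulator per host in an associative array, the input no longer needs to be pre-sorted by host, and the timestamps give a quick sense of whether a heavy sender was active across the whole log window or in a single burst.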