[Bro] "bro-cut -d | grep" vs. "grep | bro-cut -d"
James Lay
jlay at slave-tothe-box.net
Fri Mar 29 08:17:52 PDT 2013
Topic (sorta) says it. Example:
[08:49:21 ids:~/broarchive/03-28-2013$] zcat dns.log.gz | grep light | bro-cut -d
[08:49:25 ids:~/broarchive/03-28-2013$] zcat dns.log.gz | bro-cut -d | grep light
2013-03-28T20:42:09-0600 X8KFdodB5Ie x.x.x.x 55051 x.x.x.x 53 udp 43494 www.lighting.com 1 C_INTERNET 1 A 0 NOERROR F F T T 0 x.x.x.x 3600.000000
[08:49:50 ids:~/broarchive/03-28-2013$]
I'd like to grep out the content before sending to bro-cut as it takes
a fraction of the time (as shown above). I've made sure that no
colorization is happening. Any hints on how I can get this to fly?
Thank you.
James