[Bro] Bro Log Analysis - by CIDR

Paul Halliday paul.halliday at gmail.com
Wed Apr 29 11:14:15 PDT 2015


Not sure if this helps:
https://www.bro.org/sphinx/components/pysubnettree/README.html

On Wed, Apr 29, 2015 at 2:49 PM, Ryan <iamreck at gmail.com> wrote:
> If I do write a Python script to do this - I'm heavily inclined to use
> Python 3 (for the ipaddress Module).
>
> Ryan Peck
>
>
> On Wed, Apr 29, 2015 at 9:42 AM, Ryan <iamreck at gmail.com> wrote:
>>
>> I'm looking at analyzing bro logs, filtering by an arbitrary CIDR.
>>
>> Before I go write a Python script that will handle this - I was wondering
>> if something already existed.
>>
>> As an example -
>>
>>     zcat ssl.12\:00\:00-13\:00\:00.log.gz | bro-cut server_name id.orig_h | by_CIDR.py 129.21.1.0/23
>>
>> I was also contemplating modifying bro-cut to handle this.
>>
>> Thanks,
>> Ryan
>
>
>



-- 
Paul Halliday
http://www.pintumbler.org/
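
A sketch of the kind of filter discussed in this thread, using the Python 3 ipaddress module. It is an added example, not code from either poster or from the Bro project; the function names, the optional COLUMN argument and the sample rows are assumptions made for illustration.

```python
"""Filter tab-separated bro-cut output by CIDR (added example, not from the thread)."""
import ipaddress
import sys


def field_in_network(field, network):
    """True if the field parses as an IP address inside the network."""
    try:
        addr = ipaddress.ip_address(field)
    except ValueError:
        # Hostnames, Bro's unset marker "-", "(empty)" and similar values.
        return False
    # An IPv6 address is never inside an IPv4 network, and vice versa.
    return addr.version == network.version and addr in network


def filter_by_cidr(lines, cidr, column=None):
    """Yield rows whose 0-based column (or any column if None) is inside cidr."""
    # strict=False accepts a prefix with host bits set, such as the thread's
    # 129.21.1.0/23, and normalizes it to 129.21.0.0/23 instead of raising.
    network = ipaddress.ip_network(cidr, strict=False)
    for line in lines:
        row = line.rstrip("\n")
        if not row or row.startswith("#"):  # blank lines and Bro log headers
            continue
        fields = row.split("\t")
        if column is not None:
            fields = fields[column:column + 1]
        if any(field_in_network(f, network) for f in fields):
            yield row


# Constructed sample of `bro-cut server_name id.orig_h` output (not real data).
SAMPLE = [
    "www.example.com\t129.21.0.17\n",
    "mail.example.org\t129.21.1.200\n",
    "-\t129.21.2.5\n",
    "cdn.example.net\t2001:db8::1\n",
]

if __name__ == "__main__":
    if len(sys.argv) < 2:
        sys.exit("usage: by_CIDR.py CIDR [COLUMN] < bro-cut-output")
    col = int(sys.argv[2]) if len(sys.argv) > 2 else None
    for out in filter_by_cidr(sys.stdin, sys.argv[1], col):
        print(out)
```

With no COLUMN given, a row is kept when any field falls inside the network, so the same script works whichever address columns bro-cut was asked for.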

