[Bro] How to parse bro decimal timestamps?
Brad Cox
bradjcox at gmail.com
Sat Apr 16 13:05:18 PDT 2016
How do I turn the timestamp (ts) field in this example into a standard date format (Java or Unix dates, for example)?
set_separator ,
#empty_field (empty)
#unset_field -
#path conn
#open 2016-04-04-09-00-04
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
1459774793.429104 CZgDTe31Z6ynNuzgN7 fe80::c874:93f:5b4e:c1e1 64648 ff02::1:3 5355 udp dns 0.412428 44 0 S0 F F 0 D 2 140 0 0 (empty)
1459774793.429113 Ci77TT3Kp4dNmhAYc1 172.16.2.33 64648 224.0.0.252 5355 udp dns 0.412434 44 0 S0 F F 0 D 2 100 0 0 (empty)
Dr. Brad J. Cox Cell: 703-594-1883 Skype: dr.brad.cox
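
The following is an added example, not part of the original message. A Bro `time` value is decimal seconds since the Unix epoch, so the sketch below reads the `#fields` and `#types` headers and converts every `time` column to a UTC datetime. The sample log is constructed from the two rows above, cut to six columns, with tab separators assumed; the function names are hypothetical.

```python
from datetime import datetime, timedelta, timezone
from decimal import Decimal

EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)

# Constructed sample: the two rows from the post, cut to the first six
# columns, with the tab separators of a Bro ASCII log assumed.
SAMPLE_LOG = "\n".join([
    "#unset_field\t-",
    "#path\tconn",
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p",
    "#types\ttime\tstring\taddr\tport\taddr\tport",
    "1459774793.429104\tCZgDTe31Z6ynNuzgN7\tfe80::c874:93f:5b4e:c1e1\t64648\tff02::1:3\t5355",
    "1459774793.429113\tCi77TT3Kp4dNmhAYc1\t172.16.2.33\t64648\t224.0.0.252\t5355",
])

def bro_time_to_datetime(value):
    """Convert a Bro `time` string (epoch seconds with a fraction) to UTC.

    Decimal keeps all six fractional digits; going through float() can
    shift the result by a microsecond.
    """
    micros = int(Decimal(value).scaleb(6).to_integral_value())
    return EPOCH + timedelta(microseconds=micros)

def to_java_millis(dt):
    """Milliseconds since the epoch, the unit java.util.Date expects."""
    return (dt - EPOCH) // timedelta(milliseconds=1)

def parse_bro_log(text):
    """Yield one dict per record, converting each column typed `time`."""
    fields, types, unset = [], [], "-"
    for line in text.splitlines():
        if line.startswith("#"):
            key, _, rest = line[1:].partition("\t")
            if key == "fields":
                fields = rest.split("\t")
            elif key == "types":
                types = rest.split("\t")
            elif key == "unset_field":
                unset = rest
            continue
        if not line:
            continue
        record = {}
        for name, typ, raw in zip(fields, types, line.split("\t")):
            if raw == unset:
                record[name] = None  # field was not set for this record
            else:
                record[name] = bro_time_to_datetime(raw) if typ == "time" else raw
        yield record
```

The datetimes are in UTC; convert to the sensor's local zone only for display, so that records from different sensors stay comparable.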