[Bro] How to parse bro decimal timestamps?

Brad Cox bradjcox at gmail.com
Sat Apr 16 13:05:18 PDT 2016


How do I turn the timestamp (ts) field in this example into a standard date format (Java or Unix dates, for example)?

set_separator	,
#empty_field	(empty)
#unset_field	-
#path	conn
#open	2016-04-04-09-00-04
#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	proto	service	duration	orig_bytes	resp_bytes	conn_state	local_orig	local_resp	missed_bytes	history	orig_pkts	orig_ip_bytes	resp_pkts	resp_ip_bytes	tunnel_parents
#types	time	string	addr	port	addr	port	enum	string	interval	count	count	string	bool	bool	count	string	count	count	count	count	set[string]
1459774793.429104	CZgDTe31Z6ynNuzgN7	fe80::c874:93f:5b4e:c1e1	64648	ff02::1:3	5355	udp	dns	0.412428	44	0	S0	F	F	0	D	2	140	0	0	(empty)
1459774793.429113	Ci77TT3Kp4dNmhAYc1	172.16.2.33	64648	224.0.0.252	5355	udp	dns	0.412434	44	0	S0	F	F	0	D	2	100	0	0	(empty)


Dr. Brad J. Cox    Cell: 703-594-1883 Skype: dr.brad.cox
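
An added example, not part of the original post: a Bro `time` value is seconds since the Unix epoch with a fractional part, so the `#types` header can drive the conversion of every `time` column to a UTC datetime or to Java-style epoch milliseconds. The function names and the trimmed four-column sample are assumptions made for this illustration.

```python
from datetime import datetime, timedelta, timezone
from decimal import Decimal

EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)

# Constructed sample: header and rows trimmed from the conn.log in the post.
SAMPLE = "\n".join([
    "#fields\tts\tuid\tid.orig_h\tduration",
    "#types\ttime\tstring\taddr\tinterval",
    "1459774793.429104\tCZgDTe31Z6ynNuzgN7\tfe80::c874:93f:5b4e:c1e1\t0.412428",
    "1459774793.429113\tCi77TT3Kp4dNmhAYc1\t172.16.2.33\t0.412434",
])

def bro_time_to_datetime(value):
    """Convert a Bro 'time' string (epoch seconds.fraction) to an aware UTC datetime."""
    d = Decimal(value)          # Decimal keeps all six fractional digits exactly
    secs = int(d)
    micros = int((d - secs) * 1_000_000)
    return EPOCH + timedelta(seconds=secs, microseconds=micros)

def to_epoch_millis(value):
    """Epoch milliseconds, the unit java.util.Date and Instant.ofEpochMilli expect."""
    return int(Decimal(value) * 1000)

def parse_bro_log(text, unset="-"):
    """Parse a tab-separated Bro log, converting columns typed 'time' to datetimes."""
    fields, types, rows = [], [], []
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line.startswith("#types"):
            types = line.split("\t")[1:]
        elif line and not line.startswith("#"):
            row = {}
            for name, typ, val in zip(fields, types, line.split("\t")):
                if typ == "time" and val != unset:   # "-" is the #unset_field marker
                    val = bro_time_to_datetime(val)
                row[name] = val
            rows.append(row)
    return rows

if __name__ == "__main__":
    for r in parse_bro_log(SAMPLE):
        print(r["ts"].isoformat(), r["uid"], r["id.orig_h"])
```

The resulting datetimes are in UTC; convert to the sensor's local zone only for display, so that timestamps from different sensors stay comparable.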






