[Bro] Bro's software log
James Lay
jlay at slave-tothe-box.net
Tue Jan 12 11:32:26 PST 2016
I LOVE the software log. Legit. It's awesome. I'm trying to create a
report of sorts, with sed and awk, and for the life of me I'm having a
tough time. Here's what I got so far:
zcat software.log.gz | bro-cut -d | sed -e 's/<tab character here, ie ctrl-v, tab>/-/g' -e 's/\-\-\-[A-Z]\{3,5\}::/ /' -e 's/^.*0000-//'
This gets me kinda close, but not close enough...here's the raw entry:
2016-01-01T14:57:02+0000 x.x.x.x - HTTP::BROWSER Windows-Update-Agent 7 9 9600 18145 Client Windows-Update-Agent/7.9.9600.18145 Client-Protocol/1.21
What I'm really hoping for is this:
x.x.x.x Windows-Update-Agent/7.9.9600.18145 Client-Protocol/1.21
Just the IP address, and the last bit...the entire unparsed_version
field. Anyone got a clever script to do something like this? Thank
you.
James
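An added example, not part of James's post or of the Bro project: a small POSIX shell script that pulls host and unparsed_version out of a software.log by column name rather than by position. The log it reads is a constructed sample in Bro's tab-separated ASCII format (the IPs and version strings are made up), and the function names host_and_version and software_report are the script's own.

```shell
#!/bin/sh
# Added example (not from the original post). Extract "<host> <unparsed_version>"
# from a Bro software.log, looking the two columns up in the #fields header.
# The sample log below is constructed for this example; addresses and
# version strings are invented.

SAMPLE_LOG="$(mktemp)"
trap 'rm -f "$SAMPLE_LOG"' EXIT

# Build the sample with printf so the tab separators survive copy/paste.
{
    printf '#separator \\x09\n'
    printf '#path\tsoftware\n'
    printf '#fields\tts\thost\thost_p\tsoftware_type\tname\tversion.major\tversion.minor\tversion.minor2\tversion.minor3\tversion.addl\tunparsed_version\n'
    printf '#types\ttime\taddr\tport\tenum\tstring\tcount\tcount\tcount\tcount\tstring\tstring\n'
    printf '1451660222.000000\t192.0.2.10\t-\tHTTP::BROWSER\tWindows-Update-Agent\t7\t9\t9600\t18145\tClient\tWindows-Update-Agent/7.9.9600.18145 Client-Protocol/1.21\n'
    printf '1451660230.000000\t192.0.2.11\t-\tHTTP::BROWSER\tFirefox\t43\t0\t-\t-\t-\tMozilla/5.0 (Windows NT 6.1; rv:43.0) Gecko/20100101 Firefox/43.0\n'
    printf '1451660240.000000\t192.0.2.12\t22\tSSH::SERVER\tOpenSSH\t6\t6\t1\t-\t-\tSSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.3\n'
    printf '1451660250.000000\t192.0.2.10\t-\tHTTP::BROWSER\tWindows-Update-Agent\t7\t9\t9600\t18145\tClient\tWindows-Update-Agent/7.9.9600.18145 Client-Protocol/1.21\n'
} > "$SAMPLE_LOG"

# Print "<host> <unparsed_version>" for every record. Column positions come
# from the #fields line, so the script keeps working if the log layout
# changes; splitting on tabs keeps the spaces inside unparsed_version intact.
host_and_version() {
    awk -F'\t' '
        /^#fields/ { for (i = 2; i <= NF; i++) col[$i] = i - 1; next }
        /^#/       { next }
        { print $(col["host"]), $(col["unparsed_version"]) }
    ' "$1"
}

# Collapse repeated observations into one line per host/version pair.
software_report() {
    host_and_version "$1" | sort -u
}

software_report "$SAMPLE_LOG"
```

On a box that has bro-cut installed, `bro-cut host unparsed_version` reaches the same two columns directly; the awk version is here so the example runs without it. Either way, split on the tab separator and keep the unparsed_version field whole: that string is whatever the client sent in its User-Agent or banner, so regex surgery on hyphens or spaces (as in the sed chain above) will misfire on values that happen to contain those characters.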