[Bro] bro-cut -c vs -C

Daniel Thayer dnthayer at illinois.edu
Sat Sep 24 07:38:42 PDT 2016


On 9/24/16 7:49 AM, Harry Hoffman wrote:
> Hi Folks,
>
> I can't tell if I'm reading the man page for bro-cut incorrectly or if
> there's a bug.
>
> bro-cut -c and bro-cut -C seems to output the same headers. The man page states:
>
> -c     Include the first format header block into the output.
> -C     Include all format header blocks into the output.
>
> Can someone tell me what the difference should be?
>
> Cheers,
> Harry


The -C option is useful when bro-cut is reading more than one log file,
because it allows you to see the boundaries between each log file.

For example:
gunzip -c conn.*.log.gz | bro-cut -C


More information about the Bro mailing list