NAME¶

bro-cut - parse bro logs

SYNOPSIS¶

bro-cut [options] [<columns>]

DESCRIPTION¶

Extracts the given columns from an ASCII Bro log on standard input. If no columns are given, all are selected. By default, bro-cut does not include format header blocks into the output.

OPTIONS¶

-c: Include the first format header block into the output.
-C: Include all format header blocks into the output.
-d: Convert time values into human-readable format (needs gawk).

-D <fmt> Like -d, but specify format for time (see strftime(3) for syntax).

-F <ofs> Sets a different output field separator.

-n: Print all fields *except* those specified.
-u: Like -d, but print timestamps in UTC instead of local time (needs gawk).

-U <fmt> Like -D, but print timestamps in UTC instead of local time (needs gawk).

ENVIRONMENT¶

BRO_CUT_TIMEFMT: For the time conversion, the format string can also be specified by setting an environment variable $BRO_CUT_TIMEFMT

EXAMPLES¶

cat conn.log | bro-cut -d ts id.orig_h id.orig_p

AUTHOR¶

bro-cut was written by The Bro Project <info@bro.org>.

This manual page was written by Raúl Benencia <rul@kalgan.cc> for the Debian project (but may be used by others).

November 2014

bro-cut

Source file:	bro-cut.1.en.gz (from bro-aux 0.42-1)
Source last updated:	2018-12-24T20:15:54Z
Converted to HTML:	2022-09-07T20:34:25Z