NAME

bro-cut - parse bro logs

SYNOPSIS

bro-cut [options] [<columns>]

DESCRIPTION

Extracts the given columns from an ASCII Bro log on standard input. If no columns are given, all are selected. By default, bro-cut does not include format header blocks into the output.

OPTIONS

-c
Include the first format header block into the output.
-C
Include all format header blocks into the output.
-d
Convert time values into human-readable format (needs gawk).
-D <fmt> Like -d, but specify format for time (see strftime(3) for syntax).
-F <ofs> Sets a different output field separator.
-n
Print all fields *except* those specified.
-u
Like -d, but print timestamps in UTC instead of local time (needs gawk).
-U <fmt> Like -D, but print timestamps in UTC instead of local time (needs gawk).

ENVIRONMENT

BRO_CUT_TIMEFMT
For the time conversion, the format string can also be specified by setting an environment variable $BRO_CUT_TIMEFMT

EXAMPLES

cat conn.log | bro-cut -d ts id.orig_h id.orig_p

AUTHOR

bro-cut was written by The Bro Project <[email protected]>.
This manual page was written by Raúl Benencia <[email protected]> for the Debian project (but may be used by others).

Recommended readings

Pages related to bro-cut you should read also:
strftime(3)

Questions & Answers

Helpful answers and articles about bro-cut you may found on these sites:
Stack Overflow Server Fault Super User Unix & Linux Ask Ubuntu Network Engineering DevOps Raspberry Pi Webmasters Google Search