bro-cut (1) Linux Manual Page
NAME
bro-cut – parse Bro logs
SYNOPSIS
bro-cut [options] [columns]
DESCRIPTION
Extracts the given columns from ASCII Bro logs on standard input, and outputs them to standard output. If no columns are given, all are selected. By default, bro-cut does not include format header blocks in the output.
Columns are specified as a list of space-separated field names. The order of field names given to bro-cut determines the output order, which means bro-cut can be used to reorder columns.
The ASCII Bro logs read on standard input must have intact format header blocks because bro-cut needs this information to correctly interpret the log file format. In fact, bro-cut can process the concatenation of multiple ASCII log files that have different column layouts.
OPTIONS
-c  Include the first format header block into the output.
-C  Include all format header blocks into the output.
-d  Convert time values into human-readable format.
-D <fmt>  Like -d, but specify format for time (see strftime(3) for syntax).
-F <ofs>  Sets a different output field separator.
-n  Print all fields except those specified.
-u  Like -d, but print timestamps in UTC instead of local time.
-U <fmt>  Like -D, but print timestamps in UTC instead of local time.
ENVIRONMENT
BRO_CUT_TIMEFMT  For time conversion option -d or -u, the format string can be specified by setting this environment variable.
EXAMPLES
Output three columns and convert time values:
cat conn.log | bro-cut -d ts id.orig_h id.orig_p
Output all columns and convert time values with a custom format string:
cat conn.log | bro-cut -D "%Y-%m-%d %H:%M:%S"
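An added illustration (not part of the original manual page and not the Bro Project's code) of the header-driven parsing the DESCRIPTION relies on: a Python sketch that re-reads #separator and #fields from every format header block, so a concatenation of logs with different column layouts is handled. The sample log text is constructed, the name select_columns is hypothetical, and emitting "-" for a column that a log's layout lacks is an assumption of this sketch.

```python
# Constructed sample: two ASCII logs with different layouts, concatenated.
# The "#separator" header is space-delimited and holds an escaped value;
# every other header line uses the separator it declares.
SAMPLE = (
    "#separator \\x09\n"
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\n"
    "#types\ttime\tstring\taddr\tport\n"
    "1500000000.000000\tCabc1\t10.0.0.5\t51000\n"
    "#separator \\x09\n"
    "#fields\tts\tid.orig_h\tquery\n"
    "#types\ttime\taddr\tstring\n"
    "1500000060.000000\t10.0.0.9\texample.com\n"
)


def select_columns(lines, columns, negate=False, ofs="\t"):
    """Yield one output line per log entry (hypothetical helper).

    columns: field names in the desired output order; empty selects all.
    negate:  mimic -n (all fields except those listed).
    ofs:     mimic -F (output field separator).
    """
    sep, fields = "\t", None
    for raw in lines:
        line = raw.rstrip("\n")
        if line.startswith("#separator "):
            # New header block: decode "\x09" and forget the old layout.
            sep = line.split(" ", 1)[1].encode().decode("unicode_escape")
            fields = None
        elif line.startswith("#fields" + sep):
            fields = line.split(sep)[1:]
        elif line.startswith("#"):
            continue  # other header lines (#types, #path, ...) are skipped
        else:
            if fields is None:
                raise ValueError("log entry without an intact format header")
            row = dict(zip(fields, line.split(sep)))
            if not columns:
                wanted = fields
            elif negate:
                wanted = [f for f in fields if f not in columns]
            else:
                wanted = columns
            # Assumption of this sketch: a missing column prints as "-".
            yield ofs.join(row.get(c, "-") for c in wanted)


if __name__ == "__main__":
    for out in select_columns(SAMPLE.splitlines(), ["id.orig_h", "ts"]):
        print(out)
```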
SEE ALSO
strftime(3)
AUTHOR
bro-cut was written by The Bro Project <info [at] bro.org>.
