NAME

bro-cut - parse bro logs

SYNOPSIS

bro-cut [options] [<columns>]

DESCRIPTION

Extracts the given columns from an ASCII Bro log on standard input. If no columns are given, all are selected. By default, bro-cut does not include format header blocks into the output.

OPTIONS

-c

Include the first format header block into the output.

-C

Include all format header blocks into the output.

-d

Convert time values into human-readable format (needs gawk).

-D <fmt> Like -d, but specify format for time (see strftime(3) for syntax).

-F <ofs> Sets a different output field separator.

-n

Print all fields *except* those specified.

-u

Like -d, but print timestamps in UTC instead of local time (needs gawk).

-U <fmt> Like -D, but print timestamps in UTC instead of local time (needs gawk).

ENVIRONMENT

BRO_CUT_TIMEFMT

For the time conversion, the format string can also be specified by setting an environment variable $BRO_CUT_TIMEFMT

EXAMPLES

cat conn.log | bro-cut -d ts id.orig_h id.orig_p

AUTHOR

bro-cut was written by The Bro Project <info@bro.org>.

This manual page was written by Raúl Benencia <rul@kalgan.cc> for the Debian project (but may be used by others).