1BRO-CUT(1) User Commands BRO-CUT(1)
2
6 bro-cut - parse Bro logs
7
9 bro-cut [options] [columns]
10
12 Extracts the given columns from ASCII Bro logs on standard input, and
13 outputs them to standard output. If no columns are given, all are
14 selected. By default, bro-cut does not include format header blocks in
15 the output.
16 Columns are specified as a list of space-separated field names. The
18 order of field names given to bro-cut determines the output order,
19 which means bro-cut can be used to reorder columns.
20 The ASCII Bro logs read on standard input must have intact format
22 header blocks because bro-cut needs this information to correctly
23 interpret the log file format. In fact, bro-cut can process the con‐
24 catenation of multiple ASCII log files that have different column lay‐
25 outs.
26
28 -c Include the first format header block into the output.
29 -C Include all format header blocks into the output.
31 -d Convert time values into human-readable format.
33 -D <fmt> Like -d, but specify format for time (see strftime(3) for syn‐
35 tax).
36 -F <ofs> Sets a different output field separator.
38 -n Print all fields except those specified.
40 -u Like -d, but print timestamps in UTC instead of local time.
42 -U <fmt> Like -D, but print timestamps in UTC instead of local time.
44
46 BRO_CUT_TIMEFMT
47 For time conversion option -d or -u, the format string can be
48 specified by setting this environment variable.
49
51 Output three columns and convert time values:
52 cat conn.log | bro-cut -d ts id.orig_h id.orig_p
53 Output all columns and convert time values with a custom format string:
55 cat conn.log | bro-cut -D "%Y-%m-%d %H:%M:%S"
56
58 strftime(3)
59
61 bro-cut was written by The Bro Project <info@bro.org>.
62bro-cut November 2014 BRO-CUT(1)