Basic questions about the use of Bro.

Zeek
1

How can I get the output of Bro in normal time and not UNIX time,using cf.
for example,processing a tcpdump capture file:

/usr/local/bro-1.2/bin/bro -r tcpdumpfile ,I get a list of weird events
in UNIX time,and I prefer normal time.

I did not do a complete installation of Bro,I use Bro to analyze my home
ADSL connections right after the end of the session,so Bro does not report
to log files in the logs directory,it reports to standard output.
When I analyze dump files:

/usr/local/bro-1.2/bin/bro -r tcpdumpcapturefile so far I get a list of
weird events:

…weird: spontaneous_FIN

…weird: spontaneous_RST

…weird: window_recision

…weird: unsolicited_SYN_response

etc.,which by itself is not specially troublesome.My question is:
if bro ever needs to report more troublesome events,does it follow
the same terminology(name) used for the diverse files in the logs
directory?

2

How can I get the output of Bro in normal time and not UNIX time,using cf.
for example,processing a tcpdump capture file:

There's no general option for this. For any particular value you want to
print from a script, you can use fmt()'s %D or %T format.

I did not do a complete installation of Bro,I use Bro to analyze my home
ADSL connections right after the end of the session,so Bro does not report
to log files in the logs directory,it reports to standard output.

You can "@load weird" to get the "weird" output into a file instead.

if bro ever needs to report more troublesome events,does it follow
the same terminology(name) used for the diverse files in the logs
directory?

I'm not quite sure what you mean, but it will write alarms to stdout if
you haven't done "@load alarm", and the name used is the same in either case.

    Vern