Bro Log Analysis - by CIDR

I’m looking at analyzing bro logs, filtering by an arbitrary CIDR.

Before I go write a Python script that will handle this - I was wondering if something already existed.

As an example -

zcat ssl.12:00:00-13:00:00.log.gz | bro-cut server_name id.orig_h |

I was also contemplating modifying bro-cut to handle this.


If I do write a Python script to do this - I’m heavily inclined to use Python 3 (for the ipaddress module).

Not sure if this helps:

Ah - Very nice. Thank you for pointing that out, Paul.
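
The Python 3 approach raised in the first message, sketched as an added example (not code from anyone in this thread or from the Bro project): a filter for bro-cut's tab-separated output that keeps rows whose chosen column falls inside one or more CIDR blocks. The names filter_by_cidr and cidr_filter.py and the sample rows are assumptions made up for illustration.

```python
import ipaddress
import sys

# Constructed sample rows in the shape of `bro-cut server_name id.orig_h` output.
SAMPLE = [
    "www.example.com\t10.1.2.3",
    "mail.example.org\t192.168.5.9",
    "-\t10.1.200.7",
    "cdn.example.net\t2001:db8::15",
    "#close\t2019-01-01-13-00-00",
]


def filter_by_cidr(lines, cidrs, column=1, sep="\t"):
    """Yield lines whose 0-based `column` is an address inside any of `cidrs`."""
    nets = [ipaddress.ip_network(c, strict=False) for c in cidrs]
    for line in lines:
        line = line.rstrip("\n")
        if not line or line.startswith("#"):  # blank or '#'-prefixed header/footer line
            continue
        fields = line.split(sep)
        try:
            addr = ipaddress.ip_address(fields[column])
        except (IndexError, ValueError):  # short row, unset "-" or non-IP value
            continue
        # Compare only against networks of the same IP version.
        if any(addr.version == n.version and addr in n for n in nets):
            yield line


if __name__ == "__main__":
    # Hypothetical usage:
    #   ... | bro-cut server_name id.orig_h | python3 cidr_filter.py 1 10.1.0.0/16
    if len(sys.argv) < 3:
        sys.exit("usage: cidr_filter.py COLUMN CIDR [CIDR ...]")
    for row in filter_by_cidr(sys.stdin, sys.argv[2:], column=int(sys.argv[1])):
        print(row)
```

Rows with an unset ("-") or malformed value in the address column are dropped rather than raising, so one bad record does not stop a long pipeline.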