I’m looking at analyzing Bro logs, filtering by an arbitrary CIDR.
Before I go write a Python script that will handle this - I was wondering if something already existed.
As an example:

    zcat ssl.12:00:00-13:00:00.log.gz | bro-cut server_name id.orig_h | by_CIDR.py 129.21.1.0/23

I was also contemplating modifying bro-cut to handle this.
Thanks,
Ryan