I have recently added a little script called bro2csv on Github.
The script is written for Bro's default log settings: tab-delimited logs with epoch timestamps.
It lets you take a file of Bro logs and very easily add headers and human-readable timestamps,
and convert it to CSV format.
The script is written purely in Python.
I came up with this because I was often asked what a particular column in a log was.
Sometimes I would even get asked what the whole thing means!
So this can save a lot of time if you present your Bro logs to anyone.
In the header file, a line beginning with '#' is a comment (#This is a test).
A line beginning with '@' is a header naming the log type (@conn).
Lastly, you just group your logs however you want them displayed.
Then run the command bro2csv -i 'your file' and you're done.
You can clone it from 'https://github.com/red8383light/BRO2CSV'.
Installing it creates '/usr/local/bro2csv', which contains the bro2csv script and your header file.
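To show what the conversion involves, here is an added example in Python. It is not the bro2csv script from the repository above; it is a stand-alone converter I wrote for this post that reads a Bro log in the default ASCII format (tab-delimited, with the #fields and #types header lines Bro emits), uses #fields as the CSV header, rewrites every column typed as `time` from epoch seconds to ISO-8601 UTC, and falls back to a caller-supplied list of field names when the log has been stripped of its header lines. The conn.log excerpt embedded below is constructed for the example, not captured from a real sensor.

```python
import csv
import io
import sys
from datetime import datetime, timezone

# Constructed sample: a conn.log excerpt in Bro's default ASCII format.
# Tabs separate columns; "-" is the unset marker; ts is epoch seconds.
SAMPLE_CONN_LOG = (
    "#separator \\x09\n"
    "#set_separator\t,\n"
    "#empty_field\t(empty)\n"
    "#unset_field\t-\n"
    "#path\tconn\n"
    "#open\t2014-01-01-00-00-00\n"
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice\tduration\n"
    "#types\ttime\tstring\taddr\tport\taddr\tport\tenum\tstring\tinterval\n"
    "1388534400.123456\tCXWv6p3arKYeMETxOg\t192.168.1.10\t52144\t93.184.216.34\t80\ttcp\thttp\t0.451\n"
    "1388534401.000000\tC4J4Th3PJpwUYZZ6gc\t192.168.1.10\t52145\t93.184.216.34\t443\ttcp\t-\t-\n"
    "#close\t2014-01-01-00-00-02\n"
)


def parse_bro_log(text, fallback_fields=None):
    """Split a Bro ASCII log into (fields, types, rows).

    Header lines start with '#'. The '#fields' line supplies column names and
    '#types' their Bro types. If the log has no '#fields' line (for example a
    file someone cut the header off), fallback_fields is used instead and the
    types are recorded as 'unknown'.
    """
    fields, types, rows = None, None, []
    for line in text.splitlines():
        if not line or line.startswith("#"):
            if line.startswith("#fields\t"):
                fields = line.split("\t")[1:]
            elif line.startswith("#types\t"):
                types = line.split("\t")[1:]
            continue
        rows.append(line.split("\t"))
    if fields is None:
        if fallback_fields is None:
            raise ValueError("no #fields header in log and no fallback field names given")
        fields = list(fallback_fields)
    if types is None:
        types = ["unknown"] * len(fields)
    # Every record must have exactly one value per field; anything else is a
    # truncated or mangled line and should not be silently shifted into the wrong column.
    for n, row in enumerate(rows, 1):
        if len(row) != len(fields):
            raise ValueError(f"record {n} has {len(row)} columns, expected {len(fields)}")
    return fields, types, rows


def epoch_to_iso(value):
    """Convert an epoch-seconds string such as 1388534400.123456 to ISO-8601 UTC.

    Bro's unset marker '-' is passed through unchanged.
    """
    if value == "-":
        return value
    ts = datetime.fromtimestamp(float(value), tz=timezone.utc)
    return ts.strftime("%Y-%m-%dT%H:%M:%S.%fZ")


def bro_to_csv(text, fallback_fields=None):
    """Return the log as CSV text with a header row and human-readable timestamps."""
    fields, types, rows = parse_bro_log(text, fallback_fields)
    time_cols = {i for i, t in enumerate(types) if t == "time"}
    if not time_cols:
        # No type information (headerless input): assume a column literally named
        # "ts" holds the timestamp, as it does in every default Bro log.
        time_cols = {i for i, f in enumerate(fields) if f == "ts"}
    out = io.StringIO()
    # csv.writer quotes values that contain commas, which matters for Bro set
    # columns (e.g. tunnel_parents) whose elements are comma-separated.
    writer = csv.writer(out, lineterminator="\n")
    writer.writerow(fields)
    for row in rows:
        writer.writerow([epoch_to_iso(v) if i in time_cols else v for i, v in enumerate(row)])
    return out.getvalue()


if __name__ == "__main__":
    # Usage: python bro_to_csv.py conn.log   (no argument: convert the sample)
    source = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_CONN_LOG
    sys.stdout.write(bro_to_csv(source))
```

The column count check is the part worth keeping even if you use a different tool: a record with the wrong number of fields is the usual sign of a log that was truncated mid-write or concatenated from two different log types, and a converter that shifts the surviving values into neighbouring columns produces a CSV that looks fine but lies.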
Please check it out if you get some time. Feedback is greatly appreciated!
I hope to contribute more to the project soon.
This is my first addition in Git, so if I did something wrong or you have any further suggestions, please let me know.
Adam “Red8383light” Hall