Is there a way to use "bro-cut -d" automatically during log parsing?

Dave_Florek · August 12, 2016, 3:54pm

Hi,

Is there a way to use “bro-cut -d” automatically during log parsing so when I open the Bro Logs, they’re all in EST instead of Epoch?

Thanks in advance,

Daniel_Thayer · August 12, 2016, 5:34pm

You could create a shell script wrapper that contains this:
bro-cut -d "$@"

And then just use that script instead of bro-cut.

Dave_Florek · August 12, 2016, 7:14pm

Thank you,

I’ll take a look at this.

Topic		Replies	Views
Bro IDS request Development development	5	87	May 6, 2022
"bro-cut -d \| grep" vs. "grep \| bro-cut -d" Zeek	3	49	May 6, 2022
bro_json-logs Zeek	6	93	May 6, 2022
Another Doubt Zeek	2	92	May 6, 2022
- time diff between bro logs and host clock Zeek	2	65	May 6, 2022