number of connections to the same port in 100 connections

Salman_Tara · June 30, 2016, 5:30pm

Hi everyone,
I am trying to find the number of connections having the same source ip and destination port in the last 100 connection using bro commands
I managed to get the number in all connections using:
bro-cut id.orig_h id.orgi_p < conn.log | sort| uniq -c| sort -rn

which is working fine but i need to modify this to include only the last 100 connections in the log file. is there a way to do that ?

thanks in advance

Azoff_Justin_S · June 30, 2016, 6:03pm

Give this a try:

(head -n 8 conn.log ;tail -n 100 conn.log ) | bro-cut id.orig_h id.orig_p | sort| uniq -c| sort -rn

you need the first 8 lines for the header so bro-cut works.

Topic		Replies	Views
Unique connection ID for bro <-> logging framework Development development	11	80	May 6, 2022
Help with searching logs Zeek	15	107	May 6, 2022
Question on cutting down on number of conn.log entries Zeek	4	83	May 6, 2022
thank you and what does this mena? Zeek	2	93	May 6, 2022
Different Connection UID when using different modus Zeek	2	78	May 6, 2022

number of connections to the same port in 100 connections

Related topics