Manual searching to establish a timeline of events that I can understand when my intel.log chirps.
On Fri, Aug 12, 2016 at 2:40 PM, Azoff, Justin S <[email protected]> wrote:
>
> > On Aug 12, 2016, at 2:14 PM, Aashish Sharma <[email protected]> wrote:
> >
> > Maybe try: ftp://ftp.ee.lbl.gov/cf-1.2.5.tar.gz
> >
> > eg: cf conn.log | less
> >
>
> Yeah.. cf should be a few times faster than bro-cut for busy log files,
> especially if the only thing you are doing is converting the timestamp.
> It has an optimization that bro-cut doesn't have yet for avoiding
> converting timestamps if the current one is the same second as the previous
> one.
>
> If you are using both tools though and only extracting a few fields,
> piping bro-cut to cf should be faster than piping cf to bro-cut.
>
> I'm not sure why converting the timestamp is so important though. What
> are you doing with the data once you convert the timestamps?
>
>
> --
> - Justin Azoff
_______________________________________________
bro-dev mailing list
[email protected]
http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
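The same-second caching Justin describes, as an added example that is not cf's or bro-cut's own code: a Python filter that rewrites the ts column of a Bro TSV log (located via the `#fields` header) to UTC wall-clock time and only calls strftime when the integer second changes. The abbreviated intel.log lines and the UTC output format are assumptions constructed for this example.

```python
import datetime as dt
from typing import Iterable, List, Tuple

# Constructed, abbreviated intel.log in Bro TSV format; not from the thread.
# Three records fall in the same second, the fourth in the next one.
SAMPLE_LOG = """#separator \\x09
#fields\tts\tuid\tid.orig_h\tseen.indicator\tsources
#types\ttime\tstring\taddr\tstring\tset[string]
1471027200.123456\tCXWv6p3arKYeMETxOg\t10.0.0.5\tevil.example\tfeed-a
1471027200.654321\tCuKFds3SHdkJpNz3Fj\t10.0.0.7\tbad.example\tfeed-b
1471027200.999999\tC3Hq7Y1xHfa4oAA1Vd\t10.0.0.9\tevil.example\tfeed-a
1471027201.000001\tCj9Qn4Z0Lz9T8B2Mf6\t10.0.0.5\tworse.example\tfeed-c
"""


def convert_ts(lines: Iterable[str], fmt: str = "%Y-%m-%d %H:%M:%S") -> Tuple[List[str], int]:
    """Rewrite the ts column as UTC wall-clock time, keeping the fractional part.

    Like cf, the formatted string is cached and strftime only runs when the
    integer second changes. Returns (rewritten lines, number of strftime calls).
    """
    out: List[str] = []
    ts_idx = None       # column index of ts, learned from the #fields header
    cached_sec = None   # integer second of the last converted timestamp
    cached_str = ""     # its formatted form
    calls = 0
    for raw in lines:
        line = raw.rstrip("\n")
        if line.startswith("#"):            # header/footer lines pass through
            if line.startswith("#fields\t"):
                ts_idx = line.split("\t")[1:].index("ts")
            out.append(line)
            continue
        cols = line.split("\t")
        if ts_idx is None or not line or cols[ts_idx] == "-":  # "-" is Bro's unset marker
            out.append(line)
            continue
        whole, _, frac = cols[ts_idx].partition(".")
        sec = int(whole)
        if sec != cached_sec:               # the same-second optimisation from the thread
            cached_sec = sec
            cached_str = dt.datetime.fromtimestamp(sec, dt.timezone.utc).strftime(fmt)
            calls += 1
        cols[ts_idx] = cached_str + ("." + frac if frac else "")
        out.append("\t".join(cols))
    return out, calls


if __name__ == "__main__":
    converted, n_calls = convert_ts(SAMPLE_LOG.splitlines())
    print("\n".join(converted))
    print(f"# strftime called {n_calls} times for {len(converted) - 3} records")
```

Four records in two distinct seconds cost two strftime calls instead of four; on a busy conn.log with hundreds of records per second the saving is what makes the cache worthwhile.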
