I'll check it out. Glad to know there are alternatives to bro-cut. Thanks for your time, guys.
On Fri, Aug 12, 2016 at 3:10 PM, Dave Florek <[email protected]> wrote:
> Manual searching to establish a timeline of events that I can understand
> when my intel.log chirps.
>
> On Fri, Aug 12, 2016 at 2:40 PM, Azoff, Justin S <[email protected]>
> wrote:
>
>>
>> > On Aug 12, 2016, at 2:14 PM, Aashish Sharma <[email protected]> wrote:
>> >
>> > Maybe try: ftp://ftp.ee.lbl.gov/cf-1.2.5.tar.gz
>> >
>> > eg: cf conn.log | less
>> >
>>
>> Yeah.. cf should be a few times faster than bro-cut for busy log files,
>> especially if the only thing you are doing is converting the timestamp.
>> It has an optimization that bro-cut doesn't have yet for avoiding
>> converting timestamps if the current one is the same second as the previous
>> one.
>>
>> If you are using both tools though and only extracting a few fields,
>> piping bro-cut to cf should be faster than piping cf to bro-cut.
>>
>> I'm not sure why converting the timestamp is so important though. What
>> are you doing with the data once you convert the timestamps?
>>
>>
>> --
>> - Justin Azoff
>>
>>
_______________________________________________ bro-dev mailing list [email protected] http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
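The thread above talks about converting the epoch `ts` column of Bro's tab-separated logs to readable timestamps, and about the optimization cf has (and bro-cut at the time lacked): skip the costly time conversion when a record falls in the same whole second as the previous one, which is the common case in a busy conn.log. The following is an added example written for this page; it is not code from the thread, from bro-cut or from cf. It parses the Bro ASCII header (`#separator`, `#fields`, `#types`), converts every column typed `time` using that same-second cache, and counts how many real `strftime` calls were needed. The sample log is constructed, and the output format and UTC default are my choices (bro-cut -d prints local time unless -u is given).

```python
import time
from typing import Iterable, List, Optional, Tuple

# Constructed sample: a truncated conn.log in the classic tab-separated Bro
# ASCII format. Three of the four records share the same whole second.
SAMPLE_CONN_LOG = """#separator \\x09
#set_separator\t,
#empty_field\t(empty)
#unset_field\t-
#path\tconn
#open\t2016-08-12-14-00-00
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tduration
#types\ttime\tstring\taddr\tport\taddr\tport\tenum\tinterval
1471024800.123456\tCabc123\t10.0.0.5\t51234\t93.184.216.34\t80\ttcp\t0.5
1471024800.654321\tCdef456\t10.0.0.6\t51235\t93.184.216.34\t443\ttcp\t1.2
1471024800.999999\tCghi789\t10.0.0.7\t51236\t93.184.216.34\t53\tudp\t-
1471024801.000001\tCjkl012\t10.0.0.8\t51237\t93.184.216.34\t22\ttcp\t3.0
#close\t2016-08-12-14-00-05
"""


class TimeConverter:
    """Turn an epoch 'time' value into a readable timestamp.

    strftime/gmtime are only called when the whole-second part changes;
    consecutive records in the same second reuse the previous text and
    just get their own fractional part appended.
    """

    def __init__(self, fmt: str = "%Y-%m-%dT%H:%M:%S", utc: bool = True):
        self.fmt = fmt
        self.breakdown = time.gmtime if utc else time.localtime
        self._last_sec: Optional[int] = None
        self._last_text = ""
        self.strftime_calls = 0  # exposed so the saving can be measured

    def convert(self, value: str) -> str:
        if value in ("-", "(empty)"):      # Bro's unset / empty markers
            return value
        sec_str, _, frac = value.partition(".")
        sec = int(sec_str)
        if sec != self._last_sec:
            self._last_text = time.strftime(self.fmt, self.breakdown(sec))
            self._last_sec = sec
            self.strftime_calls += 1
        return f"{self._last_text}.{frac}" if frac else self._last_text


def format_log(lines: Iterable[str],
               converter: Optional[TimeConverter] = None) -> Tuple[List[str], int]:
    """Rewrite every column of type 'time' in a Bro ASCII log.

    Header lines are passed through unchanged. The separator is taken from
    the #separator line (default tab); the columns to convert come from the
    #types line, so the function works for any log, not just conn.log.
    Returns the rewritten lines and the number of strftime calls made.
    """
    conv = converter or TimeConverter()
    sep = "\t"
    time_cols: List[int] = []
    out: List[str] = []
    for raw in lines:
        line = raw.rstrip("\n")
        if line.startswith("#"):
            if line.startswith("#separator"):
                # e.g. "#separator \x09": the escape is spelled out literally
                sep = line.split(" ", 1)[1].encode("ascii").decode("unicode_escape")
            elif line.startswith("#types"):
                types = line.split(sep)[1:]
                time_cols = [i for i, t in enumerate(types) if t == "time"]
            out.append(line)
            continue
        cols = line.split(sep)
        for i in time_cols:
            if i < len(cols):
                cols[i] = conv.convert(cols[i])
        out.append(sep.join(cols))
    return out, conv.strftime_calls


if __name__ == "__main__":
    converted, calls = format_log(SAMPLE_CONN_LOG.splitlines())
    print("\n".join(converted))
    print(f"# strftime calls: {calls} for 4 records")
```

With the four constructed records only two `strftime` calls are made, because the first three share second 1471024800; on a real conn.log with thousands of records per second the saving is what makes cf noticeably faster than a per-record conversion. The cache is only correct because Bro writes records in timestamp order within a log; on an unsorted file it still produces correct output, it just hits the cache less often.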
