How do you access the names of the columns in the Bro conn.log so that you can see what the fields are called?
Asked
Active
Viewed 800 times
1 Answers
1
If you type:
head -5 conn.log
you will see what the column names and types are. You can then use bro-cut to extract the data:
cat conn.log | bro-cut -d ts id.orig_h id.orig_p id.resp_h id.resp_p
Alternatively, you could simply do the following, which will print all columns with names:
cat conn.log | bro-cut | head -3
This will let you see the column headers and a little bit of data from the log.
David Hoelzer
- 15,862
- 4
- 48
- 67