Provided by: bro-aux_0.35-1_amd64 
NAME
bro-cut - parse bro logs
SYNOPSIS
bro-cut [options] [<columns>]
DESCRIPTION
Extracts the given columns from an ASCII Bro log on standard input. If no columns are
given, all are selected. By default, bro-cut does not include format header blocks into
the output.
OPTIONS
-c Include the first format header block into the output.
-C Include all format header blocks into the output.
-d Convert time values into human-readable format (needs gawk).
-D <fmt> Like -d, but specify format for time (see strftime(3) for syntax).
-F <ofs> Sets a different output field separator.
-n Print all fields *except* those specified.
-u Like -d, but print timestamps in UTC instead of local time (needs gawk).
-U <fmt> Like -D, but print timestamps in UTC instead of local time (needs gawk).
ENVIRONMENT
BRO_CUT_TIMEFMT
For the time conversion, the format string can also be specified by setting an
environment variable $BRO_CUT_TIMEFMT
EXAMPLES
cat conn.log | bro-cut -d ts id.orig_h id.orig_p
AUTHOR
bro-cut was written by The Bro Project <info@bro.org>.
This manual page was written by Raúl Benencia <rul@kalgan.cc> for the Debian project (but
may be used by others).