Using awk to analyze Bro logs by Mark Krenz
Originally recorded September 12, 2017
While bro-cut is certainly an important tool in your toolbox, you can expand your ability to analyze logs and detect a variety of interesting network events through the use of the awk program. In this talk Mark will give an intro to the syntax of the awk command and then show several examples of how awk can be used directly on logs or in a pipeline with other programs. He hopes that you find the examples provided to be useful takeaways from BroCon, whether you are a beginner or an advanced user.
Mark Krenz is the Lead Security Analyst at Indiana University's Center for Applied Cybersecurity Research, where he has participated in projects such as the Center for Trustworthy Scientific Cyberinfrastructure (CTSC) and the Software Assurance Marketplace (SWAMP). In addition to using Bro at work on a small enterprise network, he also uses Bro at home to monitor IoT devices. Mark is also the creator/host of the popular Twitter account @climagic, which provides useful Unix command tips to over 100 thousand command line enthusiasts.
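As an added illustration of the approach the talk describes (this is not code from the talk or its slides), the script below runs awk directly on a constructed conn.log sample in Bro's tab-separated format: it resolves column numbers by name from the `#fields` header line (the job bro-cut normally does), skips the other `#` header and footer lines, treats `-` as the unset marker, and summarizes TCP connections and responder bytes per destination port. The log contents, function names and the `|`-for-tab convention in the sample are assumptions made for this example.

```shell
#!/bin/sh
# Constructed sample conn.log in Bro's tab-separated format (not real traffic).
# '|' stands in for the tab separator so the sample survives copy/paste.
make_sample_conn_log() {
  tr '|' '\t' > "$1" <<'EOF'
#separator \x09
#set_separator|,
#empty_field|(empty)
#unset_field|-
#path|conn
#fields|ts|uid|id.orig_h|id.orig_p|id.resp_h|id.resp_p|proto|service|duration|orig_bytes|resp_bytes|conn_state
#types|time|string|addr|port|addr|port|enum|string|interval|count|count|string
1505232000.10|CsA1|10.0.0.5|51000|192.0.2.10|443|tcp|ssl|1.20|300|1500|SF
1505232001.30|CsA2|10.0.0.6|51001|192.0.2.10|443|tcp|ssl|2.10|400|2500|SF
1505232002.50|CsA3|10.0.0.5|51002|192.0.2.20|80|tcp|http|0.40|200|800|SF
1505232003.70|CsA4|10.0.0.7|51003|192.0.2.30|22|tcp|-|-|-|-|S0
1505232004.90|CsA5|10.0.0.7|51004|192.0.2.30|22|tcp|ssh|30.00|900|4000|SF
1505232005.00|CsA6|10.0.0.5|51005|192.0.2.53|53|udp|dns|0.01|60|120|SF
#close|2017-09-12-12-00-00
EOF
}

# Per responder port: count TCP connections and sum responder bytes.
# Column numbers are resolved by name from the #fields header line, which is
# what bro-cut does for you, so the awk script survives column reordering.
top_resp_ports() {
  awk -F'\t' '
    /^#fields/ { for (i = 2; i <= NF; i++) col[$i] = i - 1; next }
    /^#/ { next }                      # skip remaining header/footer lines
    $(col["proto"]) != "tcp" { next }
    {
      p = $(col["id.resp_p"]); n[p]++
      b = $(col["resp_bytes"])
      if (b != "-") bytes[p] += b      # "-" is the unset_field marker
    }
    END { for (p in n) printf "%s\t%d\t%d\n", p, n[p], bytes[p] }
  ' "$1" | sort -k2,2nr -k1,1n         # most connections first, then by port
}

# Stand-alone usage: build the sample, print the summary, clean up.
log=$(mktemp); make_sample_conn_log "$log"; top_resp_ports "$log"; rm -f "$log"
```

The same pattern works unchanged on a real conn.log, and on other Bro logs after changing the field names looked up in `col`.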
Slides: https://zeek.org/brocon2017/slides/awk_bro_logs.pdf