> There's no man page, but it'll tell you:
Actually, there is a man page, cf.1, which can be formatted using nroff
-man as usual for Unix man pages.
This version of cf is newer than the one in aux/cf/ of the Bro distribution
(as you well know!, since you are the one who contributed the additions),
but will be included in the next Bro release as aux/cf-1.1/ .
I would like to convert the timestamp of the
output trace to human-readable format. Bro's manual describes a cf tool
that can do this job. However, I could not find this utility. May I know
where can I find this utility and how to use it? Thank you.
> ESCSEQ (\\([^\n]|[0-7]+|x[[:xdigit:]]+))
> I can't understand what "[[:xdigit:]]" means?
> Would you give me an explanation?
[[:xdigit:]] is one of the magic charaacter classes that POSIX standardized.
It expands to any hex digit, i.e., [0-9a-fA-F]. More precisely, it expands
to any character matched by <ctype.h>'s isxdigit(). The full set of such
[:alnum:] [:alpha:] [:blank:] [:cntrl:] [:digit:] [:graph:]
[:lower:] [:print:] [:punct:] [:space:] [:upper:] [:xdigit:]
I have a question about a regular-expression line in "scan.l" file.
I can't understand what "[[:xdigit:]]" means?
Would you give me an explanation?
Thanks & Regards!
Netpower Inc. in Beijing
I'm under contract with Addison-Wesley to write a book
on network security monitoring, and I've written over
400 pages so far. I would like to include
instructions on setting up Bro on FreeBSD, and general
best practices for this tool.
Would anyone be interested in contributing? I'll give
full credit in the text and acknowledgements.
I also plan to mention Snort and Prelude in the same
chapter. The focus is open source, so I avoid
This is not "another Snort book." I'm covering dozens
of tools to address many facets of network security
monitoring. Traditional "IDS" is only one chapter,
but I'd like to do justice to Bro.
I would need the material in the next two weeks to
make my deadlines.
Do you Yahoo!?
Yahoo! Hotjobs: Enter the "Signing Bonus" Sweepstakes