Wireshark mailing list archives

Tshark output in apache log format


From: Jeffs <jeffs () speakeasy net>
Date: Fri, 20 Aug 2010 09:55:26 -0400

  I doubt that Tshark can output a file in apache log format, but 
another program, justniffer, can read a .cap file and output in apache 
log format.

I am currently using the following tshark command line to extract only 
sessions with 'www.' in the link:

tshark -r test.pcap -T fields -e http.host | sed 's/?.*$//' | sed -n '/www\./p' | sort | uniq -c | sort -rn | head -n 500

but this output is not in apache log format for use by justniffer.

Can someone suggest a method to:

either use tshark to output in apache log format only data with "www." 
in the data, or

use a tshark command line sequence to output a "standard" .cap file that 
would contain all the usual .cap data but only for those records that 
contain "www." in them.

Thanks.
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe
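
One way to get Apache-style lines from tshark field output, as an added example that is not part of the original post and is not tshark or justniffer code. It assumes the eight fields were exported tab-separated in the order shown in the comment; the function names are hypothetical, and status and size are written as "-" because they belong to the response packet.

```python
import sys
from datetime import datetime, timezone

# Assumed export command (field names are real tshark fields, order is this example's choice):
#   tshark -r test.pcap -Y http.request -T fields -E separator=/t \
#     -e frame.time_epoch -e ip.src -e http.request.method -e http.host \
#     -e http.request.uri -e http.request.version -e http.referer -e http.user_agent
FIELDS = ("epoch", "src", "method", "host", "uri", "version", "referer", "agent")

def quote(value):
    """Escape a value for a double-quoted log field; an empty value becomes "-"."""
    if not value:
        return "-"
    return value.replace("\\", "\\\\").replace('"', '\\"')

def to_combined(line, needle="www."):
    """Convert one tab-separated tshark line to an Apache combined-format line.

    Returns None for malformed lines and for hosts that do not contain `needle`.
    """
    parts = line.rstrip("\r\n").split("\t")
    if len(parts) != len(FIELDS):
        return None
    rec = dict(zip(FIELDS, parts))
    if needle not in rec["host"]:  # literal substring match, not a regex
        return None
    try:
        ts = datetime.fromtimestamp(float(rec["epoch"]), tz=timezone.utc)
    except (ValueError, OverflowError, OSError):
        return None
    stamp = ts.strftime("%d/%b/%Y:%H:%M:%S +0000")
    request = f'{rec["method"]} {rec["uri"]} {rec["version"]}'
    # Status and size are not in the request packet, so both are logged as "-".
    return (f'{rec["src"]} - - [{stamp}] "{quote(request)}" - - '
            f'"{quote(rec["referer"])}" "{quote(rec["agent"])}"')

# Constructed sample input (not taken from a real capture).
SAMPLE = [
    "1282312526.000000\t192.0.2.10\tGET\twww.example.com\t/index.html?q=1\tHTTP/1.1\t\tMozilla/5.0",
    "1282312527.500000\t192.0.2.11\tGET\tcdn.example.net\t/a.js\tHTTP/1.1\t\tMozilla/5.0",
]

if __name__ == "__main__":
    # Read tshark output from a pipe, or fall back to the constructed sample.
    source = SAMPLE if sys.stdin.isatty() else sys.stdin
    for raw in source:
        out = to_combined(raw)
        if out:
            print(out)
```
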