[gentoo-user] Time format in log files

[gentoo-user] Time format in log files

[Mick]

[-- Attachment #1: Type: text/plain, Size: 602 bytes --]

Hi All,

I am sure that someone has asked this before, but a cursory look doesn't bring 
anything up.  I am going through some logs and I cannot understand what the 
time was when certain events took place:

[1200806556] SERVICE ALERT: router.xxxxxxxxxxxxxxxxxxxxxxx
[1200806576] SERVICE ALERT: router.xxxxxxxxxxxxxxxxxxxxxxx
[1200806891] HOST ALERT: router.xxxxxxxxxxxxxxxxxxxxxxxxxx
[1200806891]

Could you please tell me how to interpret/parse these so that they show time 
in hrs:min so that I can understand it?  (anything I could feed to less would 
be grand).
-- 
Regards,
Mick

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

Re: [gentoo-user] Time format in log files

[Greg Bowser]

Hi,
Those dates are in a format called "unix timestamps", which represent
the number of seconds since the unix epoch (Jaunuary 1st, 1970). You
can get the current unix timestamp via the date command (date +%s). As
far as any command-line utility to convert them,I leave that to
Google.  However, most programming languages provide functions to
convert between timestamp formats.

-- Greg

On Jan 27, 2008 4:54 PM, Mick <michaelkintzios@gmail.com> wrote:
> Hi All,
>
> I am sure that someone has asked this before, but a cursory look doesn't bring
> anything up.  I am going through some logs and I cannot understand what the
> time was when certain events took place:
>
> [1200806556] SERVICE ALERT: router.xxxxxxxxxxxxxxxxxxxxxxx
> [1200806576] SERVICE ALERT: router.xxxxxxxxxxxxxxxxxxxxxxx
> [1200806891] HOST ALERT: router.xxxxxxxxxxxxxxxxxxxxxxxxxx
> [1200806891]
>
> Could you please tell me how to interpret/parse these so that they show time
> in hrs:min so that I can understand it?  (anything I could feed to less would
> be grand).
> --
> Regards,
> Mick
>
-- 
gentoo-user@lists.gentoo.org mailing list

Re: [gentoo-user] Time format in log files

[Mick]

[-- Attachment #1: Type: text/plain, Size: 598 bytes --]

On Sunday 27 January 2008, Greg Bowser wrote:
> Hi,
> Those dates are in a format called "unix timestamps", which represent
> the number of seconds since the unix epoch (Jaunuary 1st, 1970). You
> can get the current unix timestamp via the date command (date +%s). As
> far as any command-line utility to convert them,I leave that to
> Google.  However, most programming languages provide functions to
> convert between timestamp formats.

Thanks Greg,

It's amazing what one can dig out from Google:

perl -pe 's/(\d+)/localtime($1)/e' /var/log/<logfile_name>

-- 
Regards,
Mick

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

Re: [gentoo-user] Time format in log files

[Etaoin Shrdlu]

On Sunday 27 January 2008, Mick wrote:
> On Sunday 27 January 2008, Greg Bowser wrote:
> > Hi,
> > Those dates are in a format called "unix timestamps", which
> > represent the number of seconds since the unix epoch (Jaunuary 1st,
> > 1970). You can get the current unix timestamp via the date command
> > (date +%s). As far as any command-line utility to convert them,I
> > leave that to Google.  However, most programming languages provide
> > functions to convert between timestamp formats.
>
> Thanks Greg,
>
> It's amazing what one can dig out from Google:
>
> perl -pe 's/(\d+)/localtime($1)/e' /var/log/<logfile_name>

I like this one too: 

# date -d @1200806556
Sun Jan 20 06:22:36 CET 2008
-- 
gentoo-user@lists.gentoo.org mailing list

Re: [gentoo-user] Time format in log files

[Peter Humphrey]

On Sunday 27 January 2008 21:54:23 Mick wrote:
> Hi All,
>
> I am sure that someone has asked this before, but a cursory look doesn't
> bring anything up.  I am going through some logs and I cannot understand
> what the time was when certain events took place:
>
> [1200806556] SERVICE ALERT: router.xxxxxxxxxxxxxxxxxxxxxxx
> [1200806576] SERVICE ALERT: router.xxxxxxxxxxxxxxxxxxxxxxx
> [1200806891] HOST ALERT: router.xxxxxxxxxxxxxxxxxxxxxxxxxx
> [1200806891]
>
> Could you please tell me how to interpret/parse these so that they show
> time in hrs:min so that I can understand it?  (anything I could feed to
> less would be grand).

I asked a similar question last year, in the hope of finding a tiny utility 
through which to pipe grep output. I was offered an Awk recipe, but I 
couldn't get it to work at the time.

I'm still looking for an answer, and Google isn't helping me. Nor is my Bash 
Cookbook from O'Reilly.

-- 
Rgds
Peter
-- 
gentoo-user@lists.gentoo.org mailing list

Re: [gentoo-user] Time format in log files

[William Kenworthy]

What you are looking at is a unix timestamp - seconds since 1/1/70 (from
memory)  A number of log analysers will convert it for you.  I pipe
squid logs and the like through "cat logfile|ccze -C" which will do the
conversion on the fly.

BillK


On Mon, 2008-01-28 at 10:21 +0000, Peter Humphrey wrote:
> On Sunday 27 January 2008 21:54:23 Mick wrote:
> > Hi All,
> >
> > I am sure that someone has asked this before, but a cursory look doesn't
> > bring anything up.  I am going through some logs and I cannot understand
> > what the time was when certain events took place:
> >
> > [1200806556] SERVICE ALERT: router.xxxxxxxxxxxxxxxxxxxxxxx
> >
-- 
gentoo-user@lists.gentoo.org mailing list

Re: [gentoo-user] Time format in log files

[Peter Humphrey]

On Monday 28 January 2008 12:07:45 William Kenworthy wrote:

> What you are looking at is a unix timestamp

Yes, we've established that.

> A number of log analysers will convert it for you.  I pipe squid logs and
> the like through "cat logfile|ccze -C" which will do the conversion on the
> fly. 

$ grep completed /var/log/emerge.log | ccze -C gives lines like this:

1197637365:  ::: completed emerge (57 of 207) app-doc/xorg-docs-1.4-r1 to /

and then the whole lot disappears at the end of the listing. I can't see 
anything in the manual to help (missing plugins or anything), so I'll have 
to abandon this one. Thanks anyway.

-- 
Rgds
Peter
-- 
gentoo-user@lists.gentoo.org mailing list

Re: [gentoo-user] Time format in log files

[Etaoin Shrdlu]

On Monday 28 January 2008, Peter Humphrey wrote:

> $ grep completed /var/log/emerge.log | ccze -C gives lines like this:
>
> 1197637365:  ::: completed emerge (57 of 207) app-doc/xorg-docs-1.4-r1
> to /
>
> and then the whole lot disappears at the end of the listing. I can't
> see anything in the manual to help (missing plugins or anything), so
> I'll have to abandon this one. Thanks anyway.

The solution Mick previously found seems to work just fine even 
with /var/log/emerge.log:

# grep completed /var/log/emerge.log | perl -pe 's/(\d+)/localtime($1)/e' 
Tue Nov  2 16:57:54 2004:  ::: completed emerge (1 of 1) 
sys-apps/portage-2.0.51-r2 to /
Tue Nov  2 16:58:54 2004:  ::: completed emerge (1 of 1) 
sys-apps/portage-2.0.51-r2 to /
...
(output omitted)
...
Mon Jan 28 14:14:44 2008:  ::: completed emerge (6 of 7) 
x11-libs/wxGTK-2.6.4.0-r3 to /
Mon Jan 28 14:14:47 2008:  ::: completed emerge (7 of 7) 
app-admin/eselect-wxwidgets-0.7-r1 to /
-- 
gentoo-user@lists.gentoo.org mailing list

Re: [gentoo-user] Time format in log files

[Jan Seeger]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Mon, 28. Jan, Peter Humphrey spammed my inbox with 
> On Sunday 27 January 2008 21:54:23 Mick wrote:
> > Hi All,
> >
> > I am sure that someone has asked this before, but a cursory look doesn't
> > bring anything up.  I am going through some logs and I cannot understand
> > what the time was when certain events took place:
> >
> > [1200806556] SERVICE ALERT: router.xxxxxxxxxxxxxxxxxxxxxxx
> > [1200806576] SERVICE ALERT: router.xxxxxxxxxxxxxxxxxxxxxxx
> > [1200806891] HOST ALERT: router.xxxxxxxxxxxxxxxxxxxxxxxxxx
> > [1200806891]
> >
> > Could you please tell me how to interpret/parse these so that they show
> > time in hrs:min so that I can understand it?  (anything I could feed to
> > less would be grand).
use perl or die()^^. I got it using the following jumbled one-liner:

perl -npe '/^\[(\d+)\]/; @times = localtime $1; $times[4]++; $times[5]+=1900;
s/\[\d+\]/$times[2]:$times[1] $times[3].$times[4].$times[5]/;'

Just pipe your log through that and you will get beautiful (european) dates instead of timestamps.

Regards
Jan Seeger
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.7 (GNU/Linux)

iD8DBQFHngYwMmLQdC6jvocRAofjAKCNWtVhKGrGgukMX9LprFDt08qblgCglj40
L3DUKgZpph5DnAB6qE36tIk=
=nyK3
-----END PGP SIGNATURE-----
-- 
gentoo-user@lists.gentoo.org mailing list

Re: [gentoo-user] Time format in log files

[Peter Humphrey]

On Monday 28 January 2008 15:15:09 Etaoin Shrdlu wrote:

> The solution Mick previously found seems to work just fine even
> with /var/log/emerge.log:
>
> # grep completed /var/log/emerge.log | perl -pe 's/(\d+)/localtime($1)/e'
> Tue Nov  2 16:57:54 2004:  ::: completed emerge (1 of 1)
> sys-apps/portage-2.0.51-r2 to /
> Tue Nov  2 16:58:54 2004:  ::: completed emerge (1 of 1)
> sys-apps/portage-2.0.51-r2 to /
> ...

Yes, it does here too*. I'm still scratching my head over how to pipe it 
into a command to filter grep output, but without involving much typing; 
that's why I went looking for someone else's solution.

* Though I don't know what search terms he gave to Google - anything I've 
tried returns copious amounts of stuff that's no use to me.

-- 
Rgds
Peter
-- 
gentoo-user@lists.gentoo.org mailing list

Re: [gentoo-user] Time format in log files

[Peter Humphrey]

On Monday 28 January 2008 16:43:29 Jan Seeger wrote:

> perl -npe '/^\[(\d+)\]/; @times = localtime $1; $times[4]++;
> $times[5]+=1900; s/\[\d+\]/$times[2]:$times[1]
> $times[3].$times[4].$times[5]/;'
>
> Just pipe your log through that and you will get beautiful (european)
> dates instead of timestamps.

> use perl or die()^^.

s/or/and/  :-)

> I got it using the following jumbled one-liner: 

Nope. I pasted that into a file called pipe, and it still returns Unix time 
stamps, thus:

$ grep completed /var/log/emerge.log | tail | ./pipe
1201599475:  ::: completed emerge (1 of 86) kde-base/arts-3.5.8 to /
...

Next?   :-)

-- 
Rgds
Peter
-- 
gentoo-user@lists.gentoo.org mailing list

Re: [gentoo-user] Time format in log files

[Jan Seeger]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, 29. Jan, Peter Humphrey spammed my inbox with 
> On Monday 28 January 2008 16:43:29 Jan Seeger wrote:
<snip>
> 
> Nope. I pasted that into a file called pipe, and it still returns Unix time 
> stamps, thus:
> 
> $ grep completed /var/log/emerge.log | tail | ./pipe
> 1201599475:  ::: completed emerge (1 of 86) kde-base/arts-3.5.8 to /
Just execute the exact command line I gave you. Perl needs the command line arguments to work it's
magic.

- -- 
thenybble.de/blog/ -- four bits at a time
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.7 (GNU/Linux)

iD8DBQFHnwwgMmLQdC6jvocRAk5NAJ93PwwcdZGa8kEMawJD2HnyHi0bFwCeOyz/
MeScJQlQzXCnbjqjnNZFTJo=
=OLup
-----END PGP SIGNATURE-----
-- 
gentoo-user@lists.gentoo.org mailing list

Re: [gentoo-user] Time format in log files

[Jan Seeger]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, 29. Jan, Jan Seeger spammed my inbox with 
> On Tue, 29. Jan, Peter Humphrey spammed my inbox with 
> > On Monday 28 January 2008 16:43:29 Jan Seeger wrote:
> <snip>
> > 
> > Nope. I pasted that into a file called pipe, and it still returns Unix time 
> > stamps, thus:
> > 
> > $ grep completed /var/log/emerge.log | tail | ./pipe
> > 1201599475:  ::: completed emerge (1 of 86) kde-base/arts-3.5.8 to /
Also, you suddenly changed the timestamp and removed the '['s and ']'s.
Regards
Jan Seeger

- -- 
thenybble.de/blog/ -- four bits at a time
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.7 (GNU/Linux)

iD8DBQFHnwyWMmLQdC6jvocRApOsAJ4yzt/l+q1mD5KW/+umGbuOvstrogCfRrMv
NCM5/7T8+exfhzrC9knqGE8=
=2j6a
-----END PGP SIGNATURE-----
-- 
gentoo-user@lists.gentoo.org mailing list

Re: [gentoo-user] Time format in log files

[Etaoin Shrdlu]

On Tuesday 29 January 2008, Peter Humphrey wrote:

> Yes, it does here too*. I'm still scratching my head over how to pipe
> it into a command to filter grep output, but without involving much
> typing; that's why I went looking for someone else's solution.

You probably already thought about this, but you can of course define an 
alias or script to avoid typing everything all the times.
-- 
gentoo-user@lists.gentoo.org mailing list

Re: [gentoo-user] Time format in log files

[Peter Humphrey]

On Tuesday 29 January 2008 11:37:15 Etaoin Shrdlu wrote:
> On Tuesday 29 January 2008, Peter Humphrey wrote:
> > Yes, it does here too*. I'm still scratching my head over how to pipe
> > it into a command to filter grep output, but without involving much
> > typing; that's why I went looking for someone else's solution.
>
> You probably already thought about this, but you can of course define an
> alias or script to avoid typing everything all the times.

I've been trying to write a script, but perhaps I should use an alias 
instead - thanks for the idea.

-- 
Rgds
Peter
-- 
gentoo-user@lists.gentoo.org mailing list