- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Re: converting 'last' and 'lastb' date string
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-06-2011 08:13 AM
07-06-2011 08:13 AM
Can anyone think of a quick and easy way to convert the date and time stamp in the wtmp/btmp entries so that:
"Mon Jun 6 20:46 "
looks like
"2011/06/06 20:46:00"
We're using Net-Syslog-0.04 to send last/lastb output to ArcSight, perhaps someone is already doing this so that we don't have to reinvent the wheel? :)
Solved! Go to Solution.
- Tags:
- last
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-06-2011 08:42 AM
07-06-2011 08:42 AM
Re: converting 'last' and 'lastb' date string
If you want to roll your own, then you'll need something along the (perl example) lines of:
use strict;
my $y=1900+(localtime)[5]; # Pick up the current year
while (<>) { # for this example read terst data from stdin
m /\s*\w+\s+(\w+)\s+(\d+)\s+(\S+)/; # Match it!
my $m=index( q( JanFebMarAprMayJunJulAugSepOctNovDec),$1)/3; # Calculate month
printf qq(%4d/%02d/%02d %s:00\n), $y, $m, $2, $3;
}Just as easily done in Awk or shell.
You may have to teachit to become timezone, and language aware.
Google for strftime and such functions for more help.
Hein
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-06-2011 09:36 AM
07-06-2011 09:36 AM
Re: converting 'last' and 'lastb' date string
I'm not sure if fwtmp(1M) output has a better date format?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-06-2011 09:55 AM
07-06-2011 09:55 AM
SolutionHi:
I agree with Dennis. Using 'fwtmp' will also show the timestamp's in Epoch seconds which then becomes easily reformatted using 'strftime()' to any format you desire. This also has the advantage of computing the correct year when 6-months of records cross a year's boundry.
# perl -MPOSIX -le 'print strftime "%m/%d/%Y %T",localtime(1309971149)'
07/06/2011 12:52:29
Regards!
...JRF...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-06-2011 10:07 AM
07-06-2011 10:07 AM
Re: converting 'last' and 'lastb' date string
Thanks to everyone who replied, these are great ideas and I will work off of these. Appreciate the help!