HPE Community read-only access December 15, 2018
This is a maintenance upgrade. You will be able to read articles and posts, but not post or reply.
Hours:
Dec 15, 4:00 am to 10:00 am UTC
Dec 14, 10:00 pm CST to Dec 15, 4:00 am CST
Dec 14, 8:00 pm PST to Dec 15, 2:00 am PST
System Administration
cancel
Showing results for 
Search instead for 
Did you mean: 

converting 'last' and 'lastb' date string

 
SOLVED
Go to solution
ca25089
Member

converting 'last' and 'lastb' date string

Can anyone think of a quick and easy way to convert the date and time stamp in the wtmp/btmp entries so that:

 

"Mon Jun  6 20:46 "

 

looks like

 

"2011/06/06 20:46:00"

 

We're using Net-Syslog-0.04 to send last/lastb output to ArcSight, perhaps someone is already doing this so that we don't have to reinvent the wheel?  :)  

4 REPLIES
Hein van den Heuvel
Honored Contributor

Re: converting 'last' and 'lastb' date string

If you want to roll your own, then you'll need something along the (perl example) lines of:

 

use strict;

my $y=1900+(localtime)[5];     # Pick up the current year
while (<>) {                   # for this example read terst data from stdin
  m /\s*\w+\s+(\w+)\s+(\d+)\s+(\S+)/;  # Match it!
  my $m=index( q(   JanFebMarAprMayJunJulAugSepOctNovDec),$1)/3; # Calculate month
  printf qq(%4d/%02d/%02d %s:00\n), $y, $m, $2, $3;
}

 Just as easily done in Awk or shell.

You may have to teachit to become timezone, and language aware.

Google for strftime and such functions for more help.

 

Hein

 

Re: converting 'last' and 'lastb' date string

I'm not sure if fwtmp(1M) output has a better date format?

James R. Ferguson
Acclaimed Contributor
Solution

Re: converting 'last' and 'lastb' date string

Hi:

 

I agree with Dennis.  Using 'fwtmp' will also show the timestamp's in Epoch seconds which then becomes easily reformatted using 'strftime()' to any format you desire.  This also has the advantage of computing the correct year when 6-months of records cross a year's boundry.

 

# perl -MPOSIX -le 'print strftime "%m/%d/%Y %T",localtime(1309971149)'
07/06/2011 12:52:29

Regards!

 

...JRF...

ca25089
Member

Re: converting 'last' and 'lastb' date string

Thanks to everyone who replied, these are great ideas and I will work off of these.  Appreciate the help!