Table of Contents

djbware

Program-program djb (mis: qmail, tinydns) yang menggunakan multilog umumnya memiliki log dengan format sbb:

@4000000047903f2c2ba5d9dc c0a80067:2efb:115d + 001c steven.builder.localdomain
@4000000048281e251d962a54 starting tinydns
@4000000048281e26270e217c c0a80067:7995:f94c + 0001 testmkey.steven.builder.localdomain
...

di mana field pertama @… adalah timestamp 64bit. Untuk mengubah timestamp ini ke dalam bentuk yang enak dibaca manusia (human-readable format), gunakan tai64nlocal, mis:

$ cat current | tai64nlocal | less -S

Contoh output:

2008-01-17 18:01:54.533243500 c0a80067:20b9:5d3f + 001c steven.builder.localdomain
2008-05-12 17:38:19.496380500 starting tinydns
2008-05-12 17:38:20.655237500 c0a80067:7995:f94c + 0001 testmkey.steven.builder.localdomain
...

Squid

Squid menggunakan Unix epoch untuk timestamp di lognya, mis:

1209660855.567 156515 192.168.0.103 TCP_SWAPFAIL_MISS/503 1498 GET http://osnews.com/files/recent.xml - DIRECT/osnews.com text/html
1209666853.235 155570 192.168.0.103 TCP_SWAPFAIL_MISS/503 1514 GET http://digg.com/rss/containertechnology.xml - DIRECT/digg.com text/html
1209666854.236 156029 192.168.0.103 TCP_MISS/503 1504 GET http://detikinet.com/index.php/feed - DIRECT/detikinet.com text/html
...

untuk mengubahnya menjadi format yang enak dibaca manusia, Anda bisa menggunakan skrip awk/Perl/Ruby sederhana mis:

$ cat /var/log/squid/access.log | perl -lpe '/(\d+\.\d+) (.+)/ and $_ = localtime($1)." $2"'
$ cat /var/log/squid/access.log | perl -pe 's/^\d+\.\d+/localtime $&/e'

Contoh output:

Sat May 24 01:37:02 2008 155717 192.168.0.103 TCP_SWAPFAIL_MISS/503 1518 GET http://rss.slashdot.org/Slashdot/slashdot - DIRECT/rss.slashdot.org text/html
Sat May 24 01:37:02 2008 156118 192.168.0.103 TCP_SWAPFAIL_MISS/503 1498 GET http://osnews.com/files/recent.xml - DIRECT/osnews.com text/html
Sat May 24 03:17:01 2008 156609 192.168.0.103 TCP_SWAPFAIL_MISS/503 1514 GET http://digg.com/rss/containertechnology.xml - DIRECT/digg.com text/html
...