djbware
Program-program djb (mis: qmail, tinydns) yang menggunakan multilog umumnya memiliki log dengan format sbb:
@4000000047903f2c2ba5d9dc c0a80067:2efb: 115d + 001c steven.builder.localdomain @4000000048281e251d962a54 starting tinydns @4000000048281e26270e217c c0a80067:7995:f94c + 0001 testmkey.steven.builder.localdomain ...
di mana field pertama @… adalah timestamp 64bit. Untuk mengubah timestamp ini ke dalam bentuk yang enak dibaca manusia (human-readable format), gunakan tai64nlocal, mis:
$ cat current | tai64nlocal | less -S
Contoh output:
2008-01-17 18:01:54.533243500 c0a80067:20b9:5d3f + 001c steven.builder.localdomain 2008-05-12 17:38:19.496380500 starting tinydns 2008-05-12 17:38:20.655237500 c0a80067:7995:f94c + 0001 testmkey.steven.builder.localdomain ...
Squid
Squid menggunakan Unix epoch untuk timestamp di lognya, mis:
1209660855.567 156515 192.168.0.103 TCP_SWAPFAIL_MISS/503 1498 GET http://osnews.com/files/recent.xml - DIRECT/osnews.com text/html 1209666853.235 155570 192.168.0.103 TCP_SWAPFAIL_MISS/503 1514 GET http://digg.com/rss/containertechnology.xml - DIRECT/digg.com text/html 1209666854.236 156029 192.168.0.103 TCP_MISS/503 1504 GET http://detikinet.com/index.php/feed - DIRECT/detikinet.com text/html ...
untuk mengubahnya menjadi format yang enak dibaca manusia, Anda bisa menggunakan skrip awk/Perl/Ruby sederhana mis:
$ cat /var/log/squid/access.log | perl -lpe '/(\d+\.\d+) (.+)/ and $_ = localtime($1)." $2"' $ cat /var/log/squid/access.log | perl -pe 's/^\d+\.\d+/localtime $&/e'
Contoh output:
Sat May 24 01:37:02 2008 155717 192.168.0.103 TCP_SWAPFAIL_MISS/503 1518 GET http://rss.slashdot.org/Slashdot/slashdot - DIRECT/rss.slashdot.org text/html Sat May 24 01:37:02 2008 156118 192.168.0.103 TCP_SWAPFAIL_MISS/503 1498 GET http://osnews.com/files/recent.xml - DIRECT/osnews.com text/html Sat May 24 03:17:01 2008 156609 192.168.0.103 TCP_SWAPFAIL_MISS/503 1514 GET http://digg.com/rss/containertechnology.xml - DIRECT/digg.com text/html ...