Squid uses Unix time for its timestamps, which is not human readable eg
Here's a Perl script to convert the Unix timestamps in Squid's access.log to normal time. I found it here: www.terrencemiao.com/Webmail/msg00333.html.
Here's how to use it.
First create a file called squidtimeconvert.pl and open it for editing
touch ~/squidtimeconvert.pl
nano ~/squidtimeconvert.pl
add the following lines
#! /usr/bin/perl -p
s/^\d+\.\d+/localtime $&/e;
save and exit
allow it to execute
- chmod u+x ~/squidtimeconvert.pl
then run it on the log file of your choice
- ~/squidtimeconvert.pl /squid-access.2009-03-09
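The script above prints local time, so its output depends on the timezone of the machine it runs on; UTC is easier to line up against other log sources. The following is an added example, not part of the original post or its comments: it rewrites the timestamps as ISO 8601 UTC and can keep only the lines inside a time window. The two optional arguments and the sample log lines are assumptions constructed for illustration.

```perl
#!/usr/bin/perl
# Added example (not from the original post): render Squid timestamps as
# ISO 8601 UTC and optionally keep only the lines inside a time window.
use strict;
use warnings;
use POSIX qw(strftime);
use Time::Local qw(timegm);

# Parse "YYYY-MM-DDTHH:MM:SSZ" (UTC) into epoch seconds; dies on bad input.
sub parse_utc {
    my ($s) = @_;
    my ($y, $mo, $d, $h, $mi, $se) =
        $s =~ /^(\d{4})-(\d\d)-(\d\d)T(\d\d):(\d\d):(\d\d)Z$/
        or die "expected YYYY-MM-DDTHH:MM:SSZ, got '$s'\n";
    return timegm($se, $mi, $h, $d, $mo - 1, $y);
}

# Convert one log line. Returns the rewritten line, the original line if it
# has no leading epoch timestamp, or undef if it falls outside the window.
sub convert_line {
    my ($line, $from, $to) = @_;
    my ($secs, $frac, $rest) = $line =~ /^(\d+)\.(\d+)(\s.*)?$/s
        or return $line;
    return undef if defined $from && $secs < $from;
    return undef if defined $to   && $secs > $to;
    $rest = '' unless defined $rest;
    return strftime('%Y-%m-%dT%H:%M:%S', gmtime $secs) . ".${frac}Z$rest";
}

# Optional arguments (hypothetical interface): window start and end, in UTC.
my $from = @ARGV ? parse_utc(shift @ARGV) : undef;
my $to   = @ARGV ? parse_utc(shift @ARGV) : undef;

# Read STDIN when piped; otherwise use the constructed sample lines below.
my $in = -t STDIN ? \*DATA : \*STDIN;
while (my $line = <$in>) {
    my $out = convert_line($line, $from, $to);
    print $out if defined $out;
}

__DATA__
1236556800.123    87 192.0.2.10 TCP_MISS/200 5120 GET http://example.com/ - DIRECT/198.51.100.7 text/html
1236600000.456    12 192.0.2.11 TCP_DENIED/403 1400 GET http://example.org/ - NONE/- text/html
not a timestamped line
```

Pipe a log into it on standard input, with or without the two window arguments; lines that do not start with an epoch timestamp are passed through unchanged so nothing is silently dropped.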
I had need of a similar squid log post-processor not so long ago, and wrote the following script /usr/local/squidlogtimedecode
I don't pretend it's beautiful or clever, but it doesn't need arguments to decode the current log file, and can decode alternative files
blogger has broken indentation
#!/usr/bin/perl
use strict;
use warnings;

# Print usage and exit when asked for help.
if (defined $ARGV[0] && $ARGV[0] eq '--help')
{
    print "Usage: \"squidlogtimedecode [file name]\"\n";
    exit 1;
}
# Default to the current log; a file name (or '-' for stdin) overrides it.
my $squidLog = '/var/log/squid/access.log';
if (defined $ARGV[0] && $ARGV[0] ne '')
{
    $squidLog = $ARGV[0];
}
print "squid log file is $squidLog\n";
my $FH;
if ($squidLog eq '-')
{
    $FH = \*STDIN;
}
else
{
    # Three-argument open: the file name is never parsed as a mode or command.
    open ($FH, '<', $squidLog) or die "Error, failed to open $squidLog for reading: $!\n";
}
my ($squidSecs, $squidSubSecs, $logLine) = (0, 0, '');
while (<$FH>)
{
    chomp;
    # Pass lines without a leading timestamp through unchanged.
    unless (/^(\d+)\.(\d+)\s(.*)$/)
    {
        print "$_\n";
        next;
    }
    $squidSecs = $1;
    $squidSubSecs = $2;
    $logLine = $3;
    my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime($squidSecs);
    # localtime returns a 0-based month and years since 1900; zero-pad the rest.
    ++$mon;
    $mon = $mon < 10 ? "0$mon" : $mon;
    $year = 1900 + $year;
    $mday = $mday < 10 ? "0$mday" : $mday;
    $sec = $sec < 10 ? "0$sec" : $sec;
    $min = $min < 10 ? "0$min" : $min;
    $hour = $hour < 10 ? "0$hour" : $hour;
    print "$year$mon$mday $hour:$min:$sec.$squidSubSecs $logLine\n";
}