Topic: Deciphering timestamps in log files

[Sandra]

An example from smtpfront-qmail:

@400000003fc2b0f0361f6284 tcpserver: pid 23944 from 202.137.134.124

Now, I assume the first 'word' preceded by the '@' is some sort of timestamp. However, it isn't a Unix timestamp. Can anyone enlighten me? I'd like to find out when these log entries are made. Or, is it simply a 'serial number' for each entry?

[Charlie Brady]

Sandra wrote:

> An example from smtpfront-qmail:
>
> @400000003fc2b0f0361f6284 tcpserver: pid 23944 from
> 202.137.134.124

Unless you are using an old version, the timestamps are deciphered in the "view logfiles" panel.

> Now, I assume the first 'word' preceded by the '@' is some
> sort of timestamp. However, it isn't a Unix timestamp. Can
> anyone enlighten me? I'd like to find out when these log
> entries are made.

The timestamps are in tai64n format. If you pipe the logfile through "tai64nlocal" they are converted to local time.

Read more here:

http://cr.yp.to/daemontools/tai64nlocal.html

Charlie

[Sandra]

Thanks. Got some meanigful results. Maybe it's common knowledge but not here - ctrl-c is what exits me from it when I've used it.

[Warren Blackbeard]

Charlie wrote :
>Unless you are using an old version, the timestamps are deciphered in the "view logfiles" panel.

In version 5.6 the logfiles panel view still shows in the "non-converted" format ; to view the date/time you must pipe it as you mentioned above.

Warren