Postfix log analysis : Date calculation problem
Stephan Ruggiero
stephan.ruggiero at rad.ma.uni-heidelberg.de
Wed Apr 19 11:05:41 CEST 2006
Hello,
this is the header of a report created of a log file that covers
Jan-01 to Dec-31 :
Report generated: 2006-04-19 11:01:28 CEST
Reporting on period:
2005-04-21 00:01:01 UTC - 2006-04-20 23:59:02 UTC
I changed the system date to Jan-02-2006 (2 hours ago) and then ran
lire, it gave me this output:
Report generated: 2006-01-02 08:37:41 UTC
Reporting on period:
2005-01-05 11:28:10 UTC - 2006-01-01 19:34:53 UTC
It is a little strange that the times now are changed as well. Does
lire also "guess" the times?
So if I have to introduce the year into the log, can you give a hint
on how the correct format wold look like? ...maybe you also can give
a trick on how to realize that automatically??
Thanks for your help!
Best regards,
Stephan
Am 19.04.2006 um 10:05 schrieb Wytze van der Raay:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 19.04.2006 09:56, Joost van Baal wrote:
>> Op di 18 apr 2006 om 08:29:55 +0200 schreef Stephan Ruggiero:
>>> If this is a problem: Is there a way to get around it?
>>
>> Well, since syslog doesn't add the year to its timestamps, Lire uses
>> some heuristics to guess the year. There might very well be a bug in
>> these heuristics.
>
> I don't think there is a bug in the heuristics (which are indeed in
> Lire::Time::syslog2cal()), but you have to keep in mind that they are
> *heuristics*, i.e. they assume the "normal" case, processing a logfile
> which is fairly recent. More specifically, when running on April
> 19, 2006,
> the heuristic will map a "year-less" date in a logfile of April 21
> or later
> to the previous year (2005), but will map a year-less date up to
> April 20
> to the current year (2006). Thus a logfile with dates Jan 1 - Dec
> 31 will
> effectively be interpreted as containing dates April 21, 2005 -
> April 20, 2006.
> As far as I am aware, the only way out of this is to preprocess your
> logfile, adding an explicit year to the timestamps.
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.2.2 (GNU/Linux)
> Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
>
> iD8DBQFERe9Uqs+zhiEbbu8RAlW0AKCE80O0AFfarhVtUbwUWJd/Jb+ULQCfTgeG
> E2T+YIU1iglpYFMxdT7JoC0=
> =gsx/
> -----END PGP SIGNATURE-----
--
To UNSUBSCRIBE, email to questions-request at logreport.org with a subject of
"unsubscribe". Trouble? Send an email with subject "help" to
questions-request at logreport.org
More information about the Questions
mailing list