Postfix log analysis : Date calculation problem
Wytze van der Raay
wytze at logreport.org
Wed Apr 19 13:27:11 CEST 2006
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 19.04.2006 11:05, Stephan Ruggiero wrote:
> this is the header of a report created of a log file that covers Jan-01
> to Dec-31 :
>
> Report generated: 2006-04-19 11:01:28 CEST
> Reporting on period:
> 2005-04-21 00:01:01 UTC - 2006-04-20 23:59:02 UTC
>
> I changed the system date to Jan-02-2006 (2 hours ago) and then ran
> lire, it gave me this output:
>
> Report generated: 2006-01-02 08:37:41 UTC
> Reporting on period:
> 2005-01-05 11:28:10 UTC - 2006-01-01 19:34:53 UTC
>
> It is a little strange that the times now are changed as well. Does
> lire also "guess" the times?
No, lire does not do any time "guessing" :-)
The timestamps are different because in your initial run, 2005-04-21
was considered as the first day in your report, thus the time of the
earliest record on that day (apparently 00:01:01) was used for the
report's start, while in your second run, 2005-01-05 was considered
as the first day of the report, thus the time of the earliest record
for that day (apparently 11:28:10) was used for the report's start
(and similar logic for the end time).
> So if I have to introduce the year into the log, can you give a hint on
> how the correct format wold look like? ...maybe you also can give a
> trick on how to realize that automatically??
With the current lire release, there is only a limited number of
log formats for which a year indication is processed. The best thing
would be to add support to the Lire::Syslog module for processing
BSD-syslog style records with a year indication up front. But if you
don't want to do the programming for that, a quick hack is to
preprocess your postfix logfiles with a simple sed script like this:
sed -e 's/^\(...\) \(..\) \(..:..:..\)/[\2\/\1\/2005:\3 +0000]/' \
-e 's/\[ /[0/' \
-e 's/: /: General Information: /' <old-log-file >new-log-file
This converts the BSD syslog format into the Netscape Messenger Server
format which includes a year, and is already fully supported by lire.
Of course it's your responsibility to put the proper year ("2005")
and possibly timezone offset ("+0000") in the above sed script, as
appropriate for your logfiles.
Best regards,
- -- wytze
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iD8DBQFERh6Oqs+zhiEbbu8RAuRoAKCg79utbcqBSBJVOvD++v5GetaxsQCdGzoe
1YXlPMYz9NeHahWbi/L96YQ=
=0F2E
-----END PGP SIGNATURE-----
--
To UNSUBSCRIBE, email to questions-request at logreport.org with a subject of
"unsubscribe". Trouble? Send an email with subject "help" to
questions-request at logreport.org
More information about the Questions
mailing list