Re: Event second in unified2

[beenph <beenph () gmail com>]

On Sun, Jun 9, 2013 at 9:13 PM, waldo kitty <wkitty42 () windstream net> wrote:
> On 6/9/2013 20:22, SnortFan wrote:
> > Hi everyone,
> > How do you convert the event second in the U2SpewFoo output to a real date and
> > time? I'm having an issue with a sensor that appears to be reporting info into
> > base as one month prior to when its happening. The sensors servers date and time
> > are correct, so I'm trying to see if its snort or barnyard that is miss
> > configured. Has anyone had this issue before and if so what was the cause for you?
>
> please post a valid entry from your output that is not being converted properly...

 perl -e 'use POSIX qw(strftime); my $ze_time = XXXXXXXXX ; my
$conv_time = strftime "%a %b %e %H:%M:%S %Y",localtime($ze_time) ;
print  "$conv_time\n";'

Replace XXXXXXXX by utc timestamp.

binf@APOSTOL:~# perl -e 'use POSIX qw(strftime); my $ze_time =
1324954597 ; my $conv_time = strftime "%a %b %e %H:%M:%S
%Y",localtime($ze_time) ; print  "$conv_time\n";'
Mon Dec 26 21:56:37 2011
binf@APOSTOL:~#

-elz

------------------------------------------------------------------------------
How ServiceNow helps IT people transform IT departments:
1. A cloud service to automate IT design, transition and operations
2. Dashboards that offer high-level views of enterprise services
3. A single system of record for all IT processes
http://p.sf.net/sfu/servicenow-d2d-j
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!