Thursday, November 3, 2011

Convert squid timestamps to readable time

Squid uses Unix time for its timestamps, which is not human readable

Here's a perl script convert unix timestamp in squid access.log to normal time. I found it here www.terrencemiao.com/Webmail/msg00333.html.


Here's how to use it.

First create a file called squidtimeconvert.pl and open it for editing

    touch ~/squidtimeconvert.pl
    nano squidtimeconvert.pl

add the following lines


    #! /usr/bin/perl -p
    s/^\d+\.\d+/localtime $&/e;

save and exit

allow it to execute

    chmod o+x squidtimeconvert.pl

then run it on the log file of your choice

    ~/timeconvert.pl /squid-access.2009-03-09

1 comment:

previouslysilent said...

I had need of a similar squid log post-processor not so long ago, and wrote the following script /usr/local/squidlogtimedecode

I don't pretend it's beautiful or clever, but doesn't need arguments to decode the current log file, and can decode alternative files

blogger has broken indentation

#!/usr/bin/perl

if (defined $ARGV[0] && $ARGV[0] eq '--help')
{
print "Usage: \"squidlogtimedecode [file name]\"\n";
exit 1;
}

my $squidLog = '/var/log/squid/access.log';

if (defined $ARGV[0] && $ARGV[0] ne '')
{
$squidLog = $ARGV[0];
}

print "squid log file is $squidLog\n";

my $FH;
if ($squidLog eq '-')
{
$FH = *stdin;
}
else
{
open (FHH, "<$squidLog") or die "Error, failed to open $squidLog for reading\n";
$FH = \*FHH;
}

my $squidSecs = 0, $squidSubSecs = 0, $logLine = '';
while (<$FH>)
{
chomp;
$_ =~ /^(\d+)\.(\d+)\s(.*)$/;
$squidSecs = $1;
$squidSubSecs = $2;
$logLine = $3;
my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime($squidSecs);

++$mon;
$mon = $mon < 10 ? "0$mon" : $mon;
$year = 1900 + $year;
$mday = $mday < 10 ? "0$mday" : $mday;
$sec = $sec < 10 ? "0$sec" : $sec;
$min = $min < 10 ? "0$min" : $min;
$hour = $hour < 10 ? "0$hour" : $hour;
print "$year$mon$mday $hour:$min:$sec.$squidSubSecs $logLine\n";

}