[Snort-users] Timestamp Question

Anthony Kim Anthony.Kim at ...9338...
Fri Jun 6 12:04:18 EDT 2003


On Fri, Jun 06, 2003, Sh J wrote:

> Hello you all,

Hello to you too!

>  
> I'm using Snort on a Win2000 machine. My question is: I need to change the
> timestamp field from one to 2 fields, date and time. Is it possible?
> Any help will do.

I was also puzzled at the change to time_t format output files.
[But it makes sense, really.]

So anyhow, you can simply post-process the files using the
language of your choice.

I use Python.

Here are some examples to get ideas flowing:

>>> from time import ctime, localtime, strftime
>>> print("%s" % (ctime(1054924984)))
Fri Jun 06 13:43:04 2003

Nope.  We want a tuple to pass to strftime()

Let's try this:

>>> print("%s" % (strftime("%Y %m %d %H", localtime(1054924984))))
2003 06 06 13

Sure let's use that.

OK, you don't want to use Python. Or you'd rather use Perl or
VBScript or awk or whatever.  Experiment.
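
The post-processing idea from the reply above, as an added example that is not part of the original message: it splits a leading time_t field into separate date and time columns. The comma-separated layout, the sample records and the names `split_timestamp` and `convert` are assumptions, and it formats in UTC rather than with `localtime()` so the result is the same on every machine.

```python
import csv
import io
from datetime import datetime, timezone


def split_timestamp(epoch_field, tz=timezone.utc):
    """Return (date, time) for an epoch-seconds field, or None if it is not one."""
    try:
        moment = datetime.fromtimestamp(float(epoch_field), tz)
    except (ValueError, OverflowError, OSError):
        # Not a number (header, comment, damaged record) or out of range.
        return None
    return moment.strftime("%Y-%m-%d"), moment.strftime("%H:%M:%S")


def convert(lines, tz=timezone.utc):
    """Rewrite CSV records so the leading epoch field becomes two fields.

    Records whose first field is not a usable timestamp pass through
    unchanged, so nothing is silently dropped from the log.
    """
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    for record in csv.reader(lines):
        if not record:
            continue  # skip blank lines
        parts = split_timestamp(record[0], tz)
        writer.writerow(list(parts) + record[1:] if parts else record)
    return out.getvalue().splitlines()


# Constructed sample input. The column layout is an assumption made for
# this example, not Snort's documented output format.
SAMPLE = [
    "timestamp,sig_id,msg,src,dst",
    '1054924984,1000001,"constructed test alert, with comma",192.0.2.10,198.51.100.7',
    "1054924984.250000,1000002,constructed second alert,192.0.2.11,198.51.100.7",
]

if __name__ == "__main__":
    for line in convert(SAMPLE):
        print(line)
```

Pass a different `tz` to `convert()` if the date and time should be in the sensor's local zone rather than UTC.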





