Help for epoch time conversion

#1 absolis 7 years ago

Hi, can anyone help me with the output of my nxlog.conf
I want to convert epoch time from my Bro logs;

Part of the logs:

1482865199.693051 FSYupp4bmRs8tT5Jyg 3 5A00020E4289E78C695848......
1482865200.300809 FmXyl22Uxsq1cudDd8 3 5A00020E4289E78C695848......
1482865200.203542 FAuSUU3X9pgdSJ2D2g 3 5A00020E4289E78C695848.......
1482865201.043722 F0KUdW3Nm5edyqPXLl 3 0CEAC9CAD430F24F334575.......

My current settings are

<Output o.name.log>
Module om_tcp
Host xx.xxx.xxx.xxx
Port xxxx
OutputType LineBased
</Output>

Thanks!

Permalink

#2 b0ti Nxlog ✓ 7 years ago (Last updated 7 years ago )

#1 absolis

Hi, can anyone help me with the output of my nxlog.conf I want to convert epoch time from my Bro logs; Part of the logs: 1482865199.693051 FSYupp4bmRs8tT5Jyg 3 5A00020E4289E78C695848...... 1482865200.300809 FmXyl22Uxsq1cudDd8 3 5A00020E4289E78C695848...... 1482865200.203542 FAuSUU3X9pgdSJ2D2g 3 5A00020E4289E78C695848....... 1482865201.043722 F0KUdW3Nm5edyqPXLl 3 0CEAC9CAD430F24F334575....... My current settings are <Output o.name.log> Module om_tcp Host xx.xxx.xxx.xxx Port xxxx OutputType LineBased </Output> Thanks!

The following should do that:

Exec if $raw_event =~ /^(\S+)/ { $EventTime = parsedate($1); }