Re: Timestamp Question

[Anthony Kim <Anthony.Kim () VWCREDIT COM>]

On Fri, Jun 06, 2003, Sh J wrote:

> Hello u all,

Hello to you too!

>  
> I'm using snort on win2000 machine. my question is i need to change time
> stamp field from one to 2 fileds date and time does it possible.
> Any help will do.

I was also puzzled at the change to time_t format output files.
[But it makes sense, really.]

So anyhow you can simply post process the files using the
language of your choice.

I use python.

Here are some examples to get ideas flowing:

> > > from time import *
> > > print "%s" % (ctime(1054924984))
> > > Fri Jun 06 13:43:04 2003

Nope.  We want a tuple to pass to strftime()

Let's try this:

> > > print "%s" % (strftime("%Y %m %d %H", localtime(1054924984)))
> > > 2003 06 06 13

Sure let's use that.

OK, you don't want to use python. Or you'd rather use perl or
vbscript or awk or whatever.  Experiment.




-------------------------------------------------------
This SF.net email is sponsored by:  Etnus, makers of TotalView, The best
thread debugger on the planet. Designed with thread debugging features
you've never dreamed of, try TotalView 6 free at www.etnus.com.
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users