I'm new to this, so I'll try to explain it the best I can =).

I'm working with the iptables log system, particularly with the "alleged" field that iptables returns to me in a float timestamp-like format.

Oct  2 21:16:40 debian kernel: [11354.641909] Nuevo intento de conexion SSHIN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:00:00 SRC=192.168.1.1 DST=192.168.1.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=19375 DF PROTO=TCP SPT=47913 DPT=22 WINDOW=43690 RES=0x00 SYN URGP=0 

It would be the first field in square brackets of the line of code [11354.641909].

When I try to transform this value into a date type from python:

import time
print(time.strftime('%Y-%m-%d %H:%M:%S', time.localtime(11354.641909)))

I get the following date:

1970-01-01 04:09:14

The date I should obtain is similar to the first fields of the iptables line.

I don't know what I'm doing wrong but I'm going crazy looking everywhere and I can't find an answer to this.

The version of iptables is v1.4.21 and my system is Debian Jessie.

Thanks a lot for the help!

A greeting,

MG

MGautier

1 Answer

The value is not an epoch timestamp, it's the number of seconds since the boot of your server. More information on how to make this readable: Convert dmesg timestamp to custom date format.

Sander88
  • Thanks! You were very fast! At first my idea was to directly take the messages file in /var/log and parse it to get this information... but if that value is the number of seconds it takes on the server, it may not help me provide more information for my processing log. – MGautier Oct 02 '15 at 20:13