Anonymous Monk has asked for the wisdom of the Perl Monks concerning the following question:

Hey Perl gurus,

I need your expert advice on how to get the epoch times into a script from multiple syslog files.

Here's what I have so far

    #!/usr/bin/perl
    use Time::Local;

    $x = &getTime;

    sub getTime {
        ($sec,$min,$hour,$mday,$month,$year,$wday,$yday,$isdst)=localtime(time);
        $epoch = timelocal($sec, $min, $hour, $mday, $month, $year);
        return $epoch;
    }

    @fileTotal = `ls /var/log/syslog*`;

    #foreach loop opens each log file
    foreach $file (@fileTotal) {
        chomp($file);
        open(FILEREAD, "< $file");
        while ($linebuf = <FILEREAD>) {
            chomp($linebuf); # remove <CR> at the end
            @data = split(/[ ]+/, $linebuf);
            if( $data[6] eq "session" && $data[7] eq "opened") {
                $d1 = index($linebuf, "[", 0);
                $d2 = index($linebuf, "]", ($d1+1));
                $ID = substr($linebuf, ($d1+1), ($d2-$d1-1));
                $openTime{$ID} = $epoch;
                $account{$ID} = $data[10];
            }
            elsif( $data[6] eq "session" && $data[7] eq "closed") {
                # user SSH logoff session
                $d1 = index($linebuf, "[", 0);
                $d2 = index($linebuf, "]", ($d1+1));
                $ID = substr($linebuf, ($d1+1), ($d2-$d1-1));
                $closeTime = $epoch;
                if( defined $account{$ID}) {
                    $userAccount = $account{$ID};
                    $duration = $closeTime - $openTime{$ID}; #interval
                    $totalSession{$userAccount}++;
                    $dSession{$userAccount} += $duration;
                }
            }
        }
        close FILEREAD;
    }

    foreach $x (sort(keys %totalSession)) {
        $averageSession = $dSession{$x}/$totalSession{$x};
        printf "%-10s %10s %10s \t %.2f\n", $x, $totalSession{$x}, $dSession{$x}, $averageSession;
    }

My output gives me continuous 0s though, as shown below.

    Account         Count  TotalTime    Average
                       86          0       0.00
    root                2          0       0.00
    user01             37          0       0.00
    user02              4          0       0.00
    user03             86          0       0.00
    user04             57          0       0.00
    user05            945          0       0.00
    user06             11          0       0.00
    user07             46          0       0.00
    user08             17          0       0.00
    user09              2          0       0.00
    user10             81          0       0.00

Any guidance you gurus can give will be appreciated. Thanks

Replies are listed 'Best First'.
Re: Passing epoch time to function to compare open session time and close session time
by poj (Abbot) on Feb 05, 2015 at 18:10 UTC

    Assuming your records are like this

    Jan 31 08:40:19 ubuntu01 sshd[32346]: pam_unix(sshd:session): session opened for user rocky by (uid=0)

    How is the year determined?

    poj
      The hour is also ambiguous around DST changes
Re: Passing epoch time to function to compare open session time and close session time
by RonW (Parson) on Feb 06, 2015 at 00:01 UTC
Re: Passing epoch time to function to compare open session time and close session time
by RichardK (Parson) on Feb 05, 2015 at 18:06 UTC

    Maybe the time function will be of some help?
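
An added example, not written by any poster in this thread: one way to take the epoch from each log line's own timestamp and pair sshd "session opened" and "session closed" records by host and PID. The sample lines, the `stamp_to_epoch` helper and the rule for picking the missing year (current year unless that lands in the future, else the previous year) are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Time::Local qw(timelocal);

my %MON; @MON{qw(Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec)} = 0 .. 11;

# Classic syslog stamps carry no year: try the current year, then the previous
# one, and take the first that is a valid date and not in the future. A local
# time repeated at a DST change cannot be told apart from the log alone.
sub stamp_to_epoch {
    my ($mon, $mday, $h, $m, $s, $now) = @_;
    return unless exists $MON{$mon};
    my $year = (localtime $now)[5] + 1900;
    for my $y ($year, $year - 1) {
        my $e = eval { timelocal($s, $m, $h, $mday, $MON{$mon}, $y) };
        return $e if defined $e && $e <= $now + 86400;
    }
    return;
}

# Constructed sample lines in the format quoted in the thread.
my @lines = (
    'Jan 31 08:40:19 ubuntu01 sshd[32346]: pam_unix(sshd:session): session opened for user rocky by (uid=0)',
    'Jan 31 09:10:49 ubuntu01 sshd[32346]: pam_unix(sshd:session): session closed for user rocky',
    'Jan 31 10:00:00 ubuntu01 sshd[32400]: pam_unix(sshd:session): session opened for user root by (uid=0)',
    'Jan 31 10:00:45 ubuntu01 sshd[32400]: pam_unix(sshd:session): session closed for user root',
    'Jan 31 11:00:00 ubuntu01 sshd[32999]: pam_unix(sshd:session): session closed for user alice',
);

my (%open, %count, %total);
my $now = time;
for my $line (@lines) {
    my ($mon, $mday, $h, $m, $s, $host, $pid, $event, $user) = $line =~
        /^(\w{3})\s+(\d+)\s+(\d+):(\d+):(\d+)\s+(\S+)\s+sshd\[(\d+)\]:.*\bsession (opened|closed) for user (\S+)/
        or next;
    my $epoch = stamp_to_epoch($mon, $mday, $h, $m, $s, $now);
    next unless defined $epoch;
    my $key = "$host/$pid";                  # PIDs repeat across hosts
    if ($event eq 'opened') { $open{$key} = $epoch; next }
    my $start = delete $open{$key};
    next unless defined $start;              # close with no recorded open
    $count{$user}++;
    $total{$user} += $epoch - $start;
}

printf "%-10s %6s %10s %10s\n", qw(Account Count TotalTime Average);
printf "%-10s %6d %10d %10.2f\n", $_, $count{$_}, $total{$_}, $total{$_} / $count{$_}
    for sort keys %count;
```

Sessions that straddle a log rotation only pair up if the files are read oldest first, and a close record whose open was rotated away is skipped rather than counted with a zero start time.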