Jeremy Hansen <[EMAIL PROTECTED]> writes:
> So I'm using multilog and qmailanalog. I did some searching on the mail
> list and found some scripts that do the hex conversion, etc, but I'm
> seeing somewhat strange results anyway. All my time signatures change
> each time I run the logs through the setup of scripts and qmailanalog
> even though the log doesn't change:
> cat tmp | tai64n | ./tai64n2time | /usr/local/qmailanalog/bin/matchup |
> /usr/local/qmailanalog/bin/zoverall
So what's tmp (ie, where does it come from)? Just looking at that command
line, it looks a lot like you're adding timestamps to every line fresh
each time you run the above command pipeline, which means that you're
giving every line pretty much the same timestamp.
tai64n is intended to be used to put an accurate timestamp on each line
*when it's logged*, not after the fact. Since you're using multilog, you
don't need it at all; just use the t action in multilog.
--
Russ Allbery ([EMAIL PROTECTED]) <URL:http://www.eyrie.org/~eagle/>
