ipt_recent Time Format

Chris F.A. Johnson cfaj-uVmiyxGBW52XDw4h08c5KA at public.gmane.org
Mon Aug 14 01:12:58 UTC 2006 

On Sat, 12 Aug 2006, Gregory D Hough wrote:

> Tluggers,
>
> Is anyone familiar with NetFilter's timestamps? This is what they typically 
> look like:
>
> [root at localhost ~]# cat /proc/net/ipt_recent/ZW | grep '69\.63\.21\.188'
> src=69.63.21.188 ttl: 32 last_seen: 2484808297 oldest_pkt: 1 last_pkts: 
> 2484808297
>
> And from the log I know the time it was last_seen three days ago:
>
> [root at localhost ~]# grep SYNYSTR-RESET /var/log/messages | grep 
> '69\.63\.21\.188'
> Aug  9 00:24:18 localhost kernel: SYNYSTR-RESET: IN=eth1 OUT= 
> SRC=69.63.21.188 DST=192.168.1.251 LEN=64 TOS=0x00 PREC=0x00 TTL=32 ID=19088 
> DF PROTO=TCP SPT=2930 DPT=445 WINDOW=53760 RES=0x00 SYN URGP=0
>
> "Aug  9 00:24:18" && 2484808297 are true somehow

   In seconds since the epoch that date is:

$ date -d "Aug  9 00:24:18" +%s
1155097458

    Get a second date and its equivalent to find the relationship.

> I'm primarily interested in last_seen. I need a clean-up script which removes 
> an IP's record after a certain period of inactivity and I don't know how to 
> work with that value. Naturally if I can get the current time in the correct 
> format I can work with that value. I suspect it is microseconds since the 
> module was (re)loaded.
>
> How do I use date or time or whatever to read in the current value of NOW in 
> this format?

    The date man page lists all the formatting characters, e.g.:

now=$( date "+%b %d %H:%M:%S" )

    The same format characters can also be used with the dynamically
    loadable bash built-in command strftime. See
    <http://www.unixreview.com/documents/s=10089/ur0606a/ur0606a.htm>.

-- 
    Chris F.A. Johnson                      <http://cfaj.freeshell.org>
    ===================================================================
    Author:
    Shell Scripting Recipes: A Problem-Solution Approach (2005, Apress)
--
The Toronto Linux Users Group.      Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml

More information about the Legacy mailing list