Friday, March 20, 2020

Working with Time - Automating Epoch To Local

Recently, I encountered a situation where I had to have a large number of epoch times converted to local time. On most days, for a one-off conversion, you can leverage the Linux command prompt with the date command:


root@securitynik:~# date --date '@1582902198'
Fri 28 Feb 2020 10:03:18 AM EST

However, in this case, with a large number of times, we need to automate that conversion. The script below addressed this need.

Here is a sample of the file:

root@securitynik:~# cat Possible-Password-Spraying.csv | grep --perl-regexp "TimeGenerated=[0-9]*" --color=always --only-matching | awk --field-separator='=' '{ print $2 }' | more

1582902198
1582902292
1582902223
1582902225
1582902200
1582902160
1582902158
1582902156
1582902162
1582902155
1582902154
....

Script to solve the problem.

#!/usr/bin/env python3

'''
This script takes a file containing epoch times
and converts them to local time.

In Unix, epoch time is the number of seconds since January 1, 1970
In Windows, epoch time is the number of 100ns intervals since January 1, 1601
https://devblogs.microsoft.com/oldnewthing/20090306-00/?p=18913
https://www.computerhope.com/jargon/e/epoch.htm

'''

__version__ = '0.1'
__author__ = 'Nik Alleyne'
__contact__ = 'nalleyne@forsythe.com'
__maintainer__ = 'Nik Alleyne'
__status__ = 'Development'
__date__ = '2020-03-20'



import time

if __name__ == '__main__':
    '''
    Create a file pointer to the file we wish to read.
    Note this file must already exist. Here is the command I used to
    extract the time from a Windows log using IBM WinCollect Agent.

    root@securitynik:~# cat Possible-Password-Spraying.csv | grep --perl-regexp "TimeGenerated=[0-9]*" --color=always --only-matching | awk --field-separator='=' '{ print $2 }' > /tmp/epoch.txt
    '''
    # The context manager closes the file when the loop finishes
    with open('/tmp/epoch.txt', 'r') as epoch_fp:
        # Read all lines in the file one by one
        for epoch_line in epoch_fp:
            # strip('\n') removes the trailing newline from each line
            epoch_line = epoch_line.strip('\n')

            # Because grep ran with --color=always, each value is followed by
            # the ANSI reset sequence ESC[m ESC[K. Dropping the non-alphanumeric
            # characters leaves a trailing 'mK', which is then removed.
            epoch_line = ''.join(filter(str.isalnum, epoch_line)).replace('mK', '')

            # Skip blank lines so float() does not raise ValueError
            if not epoch_line:
                continue

            # Convert the epoch to local time
            print(time.strftime('%Y-%m-%d %H:%M:%S', time.localtime(float(epoch_line))))
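An added example, not part of the original script: it reads the raw log lines directly, strips grep's colour codes with a regular expression, and prints each TimeGenerated value in UTC and in an explicit time zone, so the result does not depend on the analyst machine's TZ setting. It goes a step further than the script by also converting the Windows 100ns format mentioned in the docstring. The function names, the sample lines and the fixed EST offset are assumptions made for the illustration.

```python
import re
from datetime import datetime, timedelta, timezone

ANSI_ESCAPE = re.compile(r'\x1b\[[0-9;]*[A-Za-z]')   # colour codes such as ESC[m and ESC[K
TIME_FIELD = re.compile(r'TimeGenerated=(\d+)')
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def unix_to_utc(seconds):
    """Unix epoch (seconds since 1970-01-01 UTC) -> timezone-aware UTC datetime."""
    return datetime.fromtimestamp(seconds, tz=timezone.utc)


def filetime_to_utc(intervals):
    """Windows FILETIME (100ns intervals since 1601-01-01 UTC) -> aware UTC datetime."""
    return FILETIME_EPOCH + timedelta(microseconds=intervals // 10)


def extract_epochs(lines):
    """Yield every TimeGenerated value in raw log lines, ignoring ANSI colour codes."""
    for line in lines:
        for match in TIME_FIELD.finditer(ANSI_ESCAPE.sub('', line)):
            yield int(match.group(1))


def convert(lines, tz=None):
    """Return (epoch, UTC string, local string) per event; tz=None uses the system zone."""
    fmt = '%Y-%m-%d %H:%M:%S %z'
    rows = []
    for epoch in extract_epochs(lines):
        utc = unix_to_utc(epoch)
        rows.append((epoch, utc.strftime(fmt), utc.astimezone(tz).strftime(fmt)))
    return rows


# Constructed sample lines (not from the original CSV); the second carries grep colour codes.
SAMPLE = [
    'src=10.0.0.5\tTimeGenerated=1582902198\tuser=alice',
    '\x1b[01;31m\x1b[KTimeGenerated=1582902292\x1b[m\x1b[K',
    'line without a timestamp',
]
EST = timezone(timedelta(hours=-5), 'EST')   # fixed offset, assumed for the sample only

if __name__ == '__main__':
    for epoch, utc, local in convert(SAMPLE, EST):
        print(epoch, utc, local, sep='  ')
```

Keeping the UTC column next to the local one makes it easier to line these events up with logs from systems in other time zones.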
