#!/usr/bin/perl -w
# [MJS 12 Oct 2001] Convert syslog entries to UTC ISO8601 timestamps
# Due to syslog flaw, only works on logs that are < 11 months old.

use strict;
use POSIX;
use Time::Local qw(timelocal);

## Instead of installing a function like Date::Calc::Decode_Month
my %months = ( "Jan" => 0, "Feb" => 1, "Mar" => 2, "Apr" => 3, "May" => 4,
    "Jun" => 5, "Jul" => 6, "Aug" => 7, "Sep" => 8, "Oct" => 9,
    "Nov" => 10, "Dec" => 11);

while (<>) {
    ## Parse it or print it as-is and goto next line
    my ($mon, $mday, $hms, $log) = m{^ (\w{3}) \s{1,2} (\d{1,2}) \s (\d{2}:\d{2}:\d{2}) \s (.*)$}x or print and next;

    ## Convert to "standard" seconds-since-epoch
    my $time = timelocal reverse(split /:/, $hms), $mday, $months{$mon},
	(localtime)[5] - ((localtime)[4] < $months{$mon} ? 1 : 0); # ASSUME log is recent

    ## Output in the desired format
    printf "%s %s\n", POSIX::strftime("%Y-%m-%d %H:%M:%S", gmtime($time)), $log;
}

# $Id: syslog-to-iso8601-utc,v 1.1 2003/05/02 11:42:24 suter Exp $