Convert Endpoint Protection Manager syslog.log Timestamp to Standard Timestamp

Article:TECH141276  |  Created: 2010-10-05  |  Updated: 2010-10-05  |  Article URL http://www.symantec.com/docs/TECH141276
Article Type
Technical Solution


Issue



The 2nd column in the Endpoint Protection Manager syslog.log file represents a timestamp value.  The timestamp data is stored in a hexadecimal format.  You want to convert the hexadecimal value to a standard MM/DD/YYYY HH:MM:SS timestamp.


Solution



The timestamp is in Windows NT System Time format stored as a hexadecimal value.  The following example demonstrates converting the hexadecimal value to a standard timestamp.

Example Value: 01cb63d8e1fcac54

  1. Convert 01cb63d8e1fcac54 to a decimal value of 129306797465709652.
    • This can be done with the Microsoft calc.exe program in the scientific view.  Select Hex as the format and paste the hexadecimal value in to the calculator.  With the value pasted in to the calculator select Dec and it will convert the displayed number from hexadecimal to decimal.
  2. Use Microsoft's w32tm tool to convert the decimal value to the desired MM/DD/YYYY HH:MM:SS format.
    • w32tm /ntte 129306797465709652



Article URL http://www.symantec.com/docs/TECH141276


Terms of use for this information are found in Legal Notices