diff --git a/modules/security/bot-analyzer.sh b/modules/security/bot-analyzer.sh
index 3958ecf..6c91add 100755
--- a/modules/security/bot-analyzer.sh
+++ b/modules/security/bot-analyzer.sh
@@ -359,14 +359,14 @@ parse_logs() {
         # Format: IP - - [timestamp] "METHOD URL PROTOCOL" STATUS SIZE "REFERRER" "USER-AGENT"
         awk -v domain="$domain" -v hours_filter="$HOURS_BACK" -v days_filter="$DAYS_BACK" '
         BEGIN {
-            # Calculate cutoff timestamp (hours takes precedence)
+            # Calculate cutoff timestamp in epoch seconds for proper comparison
             if (hours_filter != "") {
-                cmd = "date -d \"" hours_filter " hours ago\" +\"%d/%b/%Y:%H:%M:%S\" 2>/dev/null || date -v-" hours_filter "H +\"%d/%b/%Y:%H:%M:%S\" 2>/dev/null"
-                cmd | getline cutoff_ts
+                cmd = "date -d \"" hours_filter " hours ago\" +%s 2>/dev/null || date -v-" hours_filter "H +%s 2>/dev/null"
+                cmd | getline cutoff_epoch
                 close(cmd)
             } else if (days_filter != "") {
-                cmd = "date -d \"" days_filter " days ago\" +\"%d/%b/%Y:%H:%M:%S\" 2>/dev/null || date -v-" days_filter "d +\"%d/%b/%Y:%H:%M:%S\" 2>/dev/null"
-                cmd | getline cutoff_ts
+                cmd = "date -d \"" days_filter " days ago\" +%s 2>/dev/null || date -v-" days_filter "d +%s 2>/dev/null"
+                cmd | getline cutoff_epoch
                 close(cmd)
             }
         }
@@ -385,13 +385,25 @@ parse_logs() {
             }
 
             # Filter by timestamp if time filter is set
-            if ((hours_filter != "" || days_filter != "") && timestamp != "unknown" && cutoff_ts != "") {
+            if ((hours_filter != "" || days_filter != "") && timestamp != "unknown" && cutoff_epoch != "") {
                 # Extract just the date/time part (before timezone)
                 split(timestamp, ts_parts, " ")
                 log_ts = ts_parts[1]
 
-                # Simple string comparison works for this format (dd/mmm/yyyy:HH:MM:SS)
-                if (log_ts < cutoff_ts) {
+                # Convert Apache timestamp format for date parsing
+                # From: 31/Dec/2025:10:30:15
+                # To:   31 Dec 2025 10:30:15
+                log_ts_formatted = log_ts
+                sub(/:/, " ", log_ts_formatted)      # Replace first : with space
+                gsub(/\//, " ", log_ts_formatted)    # Replace all / with space
+
+                # Convert to epoch seconds (GNU date for Linux, BSD date for macOS)
+                cmd = "date -d \"" log_ts_formatted "\" +%s 2>/dev/null || date -j -f \"%d %b %Y %H:%M:%S\" \"" log_ts_formatted "\" +%s 2>/dev/null"
+                cmd | getline log_epoch
+                close(cmd)
+
+                # Numerical comparison of epoch seconds
+                if (log_epoch != "" && log_epoch < cutoff_epoch) {
                     next  # Skip this entry, it's too old
                 }
             }