[logs] Picviz 0.2 is out!
Aug 07 2008 12:34PM
Sebastien Tricaud (stricaud inl fr)
Release note for Picviz 0.2
Picviz is a parallel coordinates plotter which enables easy scripting from
various inputs (tcpdump, syslog, iptables logs, apache logs, etc.) to visualize
your data and discover interesting results quickly.
Picviz helps you to create, automate and understand parallel coordinates plots.
Its primary goal is to graph data in order to be able to quickly analyze
problems and find correlations among variables. With security analysis in mind,
the program has been designed to be very flexible, able to graph millions of
The language is designed to be close to the graphviz graph description
Picviz features a language to describe your graphs; an engine producing images
in parallel coordinates from this language; Python bindings to gather
calculated data, raw data and a frontend written in Python and QT4.
* Multiple PCV file inclusion. Instead of writing all your data in one single
file, you can use templates and include them:
    char foo [label="bar"];
    ipv4 src [label="source ip"];
* New type: UTC. You can now set the utc type in the axes section like this:
and then add data in the format "YYYY-MM-DD hh:mm:ss":
    time="2008-08-07 14:01:00", ...
The minimum representable time is 1901-12-13, and the maximum representable
time is 2038-01-18. Because of the large scale, it is recommended to use this
type in relative mode, which you activate by prepending the following section
in your PCV file:
    relative = "1";
* PLplot plugin: The plplot library (http://www.plplot.org) is used to
generate those big files that will ruin inkscape or any SVG reader program
that cannot handle 2 million lines! ;)
This plugin behaves slightly differently from the SVG plugin since it is
interactive: you are asked for the type of file you want and then for the
output file name. I've got the best graphs with the plplot-cairo driver.
To have this plugin built, you need libplplot development headers, and to
use it, simply run: pcv -Tplplot file.pcv
You can get the latest release from the project page at the following URL:
I would like to thank:
* The honeypot project for useful data I've got with those old scan of the
month challenges to validate my tool, create scripts etc...
* Yoann Vandoorselaere from Prelude IDS for his work on the string algorithm,
the UTC type and the relative mode.
* Tomas Heinrich from Red Hat for regex fixes in tools/syslog2picviz.pl.
* Alfred Inselberg from School of Mathematical Sciences, Tel Aviv University
for the encouragement he gave me and his great achievement with parallel
LogAnalysis mailing list
LogAnalysis (at) loganalysis (dot) org
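Why the release note recommends relative mode for the UTC type, as an added example that is not part of the original post and is not Picviz code. It assumes a 501-pixel axis, takes the stated limits as whole days, and models relative mode as rescaling the axis to the data's own minimum and maximum, which is an assumption about Picviz's behaviour; the event times are constructed.

```python
from datetime import datetime

FMT = "%Y-%m-%d %H:%M:%S"                    # "YYYY-MM-DD hh:mm:ss" from the release note
AXIS_MIN = datetime(1901, 12, 13)            # limits quoted in the release note,
AXIS_MAX = datetime(2038, 1, 18, 23, 59, 59)  # taken as whole days (assumption)


def parse_utc(value):
    """Parse a UTC axis value and reject anything outside the stated range."""
    ts = datetime.strptime(value, FMT)
    if not AXIS_MIN <= ts <= AXIS_MAX:
        raise ValueError(f"{value!r} is outside the representable range")
    return ts


def axis_pixels(values, height=501, relative=False):
    """Map timestamps to pixel rows on one axis of `height` pixels.

    Absolute mode spreads the whole 1901..2038 range over the axis.
    Relative mode (modelled here, not taken from Picviz) spreads only
    the range actually present in the data.
    """
    stamps = [parse_utc(v) for v in values]
    lo, hi = (min(stamps), max(stamps)) if relative else (AXIS_MIN, AXIS_MAX)
    span = (hi - lo).total_seconds() or 1.0  # identical values: avoid dividing by zero
    return [round((s - lo).total_seconds() / span * (height - 1)) for s in stamps]


# Constructed sample: four events from a ten-minute burst of log activity.
EVENTS = [
    "2008-08-07 14:01:00",
    "2008-08-07 14:03:30",
    "2008-08-07 14:06:00",
    "2008-08-07 14:11:00",
]

if __name__ == "__main__":
    # Absolute mode: every event lands on the same pixel row, so the burst
    # is invisible. Relative mode: the same events use the full axis.
    print("absolute:", axis_pixels(EVENTS))
    print("relative:", axis_pixels(EVENTS, relative=True))
```

On the absolute axis one pixel covers roughly 99 days, so any incident shorter than that collapses into a single point on the time axis.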
Copyright 2010, SecurityFocus