Honeypots
Picviz 0.2 is out! Aug 07 2008 12:39PM
Sebastien Tricaud (stricaud inl fr)
Release note for Picviz 0.2
===========================

Picviz is a parallel coordinates plotter which enables easy scripting from
various inputs (tcpdump, syslog, iptables logs, apache logs, etc.) to visualize
your data and discover interesting results quickly.

Picviz helps you to create, automate and understand parallel coordinates plots.

Its primary goal is to graph data in order to be able to quickly analyze
problems and find correlations among variables. With security analysis in mind,
the program has been designed to be very flexible, able to graph millions of
events.

The language is designed to be close to the graphviz graph description
language.

Picviz features a language to describe your graphs, an engine producing images
in parallel coordinates from this language, Python bindings to gather
calculated data and raw data, and a frontend written in Python and QT4.

New features
============
* Multiple PCV file inclusion. Instead of writing all your data in one single
file, you can use templates and include them:
{{{
@include "template-header.pcv"
axes {
char foo [label="bar"];
ipv4 src [label="source ip"];
}
...
}}}

* New type: UTC. You can now set the utc type in the axes section like this:
{{{
axes {
utc time;
...
}
}}}
and then add data in the format "YYYY-MM-DD hh:mm:ss":
{{{
data {
time="2008-08-07 14:01:00", ...
}
}}}
The minimum representable time is 1901-12-13, and the maximum representable
time is 2038-01-18. Because of the large scale, it is recommended to use this
type in relative mode, which you activate by prepending the following section
to your PCV file:
{{{
engine {
relative = "1";
}
}}}
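As an added example (not part of the release note or of the Picviz distribution), here is a small Python converter in the spirit of tools/syslog2picviz.pl: it turns constructed iptables-style syslog lines into a PCV file using the new utc type in relative mode, and drops any timestamp outside the representable range stated above. The data-line syntax beyond the time="..." field shown above, the axis names, and the year (syslog timestamps carry none) are assumptions.

```python
import re
from datetime import datetime

# Representable range of the utc type, as stated in the release note.
UTC_MIN = datetime(1901, 12, 13)
UTC_MAX = datetime(2038, 1, 18)

# Constructed sample: iptables lines as syslog writes them (no year in the timestamp).
SAMPLE_LOG = """\
Aug  7 14:01:00 gw kernel: IN=eth0 OUT= SRC=10.0.0.5 DST=192.168.1.1 PROTO=TCP DPT=22
Aug  7 14:01:07 gw kernel: IN=eth0 OUT= SRC=10.0.0.9 DST=192.168.1.1 PROTO=TCP DPT=445
Aug  7 14:02:30 gw sshd[1234]: Accepted password for root from 10.0.0.5 port 51022
"""

LINE_RE = re.compile(
    r"^(?P<mon>\w{3})\s+(?P<day>\d{1,2}) (?P<hms>\d{2}:\d{2}:\d{2}) \S+ kernel: "
    r".*?SRC=(?P<src>[\d.]+) DST=(?P<dst>[\d.]+)"
)

def in_utc_range(ts):
    """True if ts can be represented by the utc axis type."""
    return UTC_MIN <= ts <= UTC_MAX

def parse_line(line, year):
    """Return (timestamp, src, dst) for an iptables line, or None for other lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['mon']} {m['day']} {m['hms']}", "%Y %b %d %H:%M:%S")
    return ts, m["src"], m["dst"]

def to_pcv(log_text, year=2008):
    """Build a PCV document with a utc axis in relative mode.
    Returns (pcv_text, number_of_lines_skipped_for_being_out_of_range).
    Assumed syntax: one data line per event, fields comma-separated, ';' terminated."""
    header = ['engine {', 'relative = "1";', '}',
              'axes {', 'utc time [label="time"];', 'ipv4 src [label="source ip"];',
              'ipv4 dst [label="destination ip"];', '}', 'data {']
    rows, skipped = [], 0
    for line in log_text.splitlines():
        parsed = parse_line(line, year)
        if parsed is None:
            continue                     # not an iptables line
        ts, src, dst = parsed
        if not in_utc_range(ts):
            skipped += 1                 # outside what the utc type can hold
            continue
        rows.append(f'time="{ts:%Y-%m-%d %H:%M:%S}", src="{src}", dst="{dst}";')
    return "\n".join(header + rows + ["}"]), skipped
```

Feed the returned text to pcv as a .pcv file; the engine section puts the utc axis in relative mode so the large 1901..2038 scale does not flatten the plot.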

* PLplot plugin: The plplot library (http://www.plplot.org) is used to
generate those big graphs that would ruin Inkscape or any SVG reader program
that cannot handle 2 million lines! ;)
This plugin behaves slightly differently from the SVG plugin since it is
interactive: you are asked for the type of file you want and then for the
output file name. I've got the best graphs with the plplot-cairo driver.

To have this plugin built, you need the libplplot development headers; to
use it, simply run: pcv -Tplplot file.pcv

Download
========

You can get the latest release from the project page at the following URL:
http://www.wallinfire.net/picviz/wiki/ReleasesDownload

MD5:
544b4c1fb19f95761d43aeb9ec60c4dd picviz-0.2.tar.gz
SHA1:
ebf522c27a67cdd5fa8e7b9343c81634da6d6928 picviz-0.2.tar.gz
File size:
1129535

Credits
=======

I would like to thank:

* The honeypot project for the useful data I've got from those old scan of the
month challenges to validate my tool, create scripts, etc.

* Yoann Vandoorselaere from Prelude IDS for his work on the string algorithm,
the UTC type and the relative mode.

* Tomas Heinrich from Red Hat for regex fixes in tools/syslog2picviz.pl.

* Alfred Inselberg from School of Mathematical Sciences, Tel Aviv University
for the encouragements he gave me and his great achievement with parallel
plots.

Enjoy!
Sebastien Tricaud.
