[SecViz] Print node labels only after threshold

Raffael Marty raffy at raffy.ch
Wed Apr 14 11:42:58 EDT 2010


Nice! How did you get the session table out? (iptables -L -n -v?)

If you use "afterglow -e 1.5 ..." you might get a bit of a tighter graph. The default edge length of 3 is generally a bit big.

Thx for posting!

Raffael

--
Raffael Marty, Founder @ Loggly
@zrlram raffy.ch/blog

On Apr 14, 2010, at 4:05 AM, Michel Ferreira wrote:


> Thanks Raffy, worked like a charm =)
>
> Here's my properties file, for anyone who wants to reproduce. The
> input is a session table of a firewall.
>
> # AfterGlow Color Property File
> #
> # @fields is the array containing the parsed values
> # color.source is the color for source nodes
> # color.event is the color for event nodes
> # color.target is the color for target nodes
> #
> # The first match wins
> #
>
> color.source="yellow" if ($fields[0]=~/^192\.168\..*/);
> color.source="greenyellow" if ($fields[0]=~/^10\..*/);
> color.source="lightyellow4" if ($fields[0]=~/^172\..*/);
> color.source="red"
>
> color.event="blue" if ($fields[1]<1024)
> color.event="lightblue"
>
> color.target="yellow" if ($fields[2]=~/^192\.168\..*/);
> color.target="greenyellow" if ($fields[2]=~/^10\..*/);
> color.target="lightyellow4" if ($fields[2]=~/^172\..*/);
> color.target="red"
>
> # Changing node labels:
> #label=substr(field(),0,10)
> label=field() if ($fields[0] > 100)
>
> # URL for nodes (used for graphviz to enable image map functionality)
> # This is an example of how to use AfterGlow with Splunk
> url=http://localhost:8000/?q=\N%20starthoursago%3A%3A24
>
> # Using node sizes:
> #size.source=1;
> #size.target=200
> #maxNodeSize=0.2
>
> I've attached the resulting file.
>
> Regards,
> Michel
>
> On Tue, Apr 13, 2010 at 7:48 PM, Raffael Marty <raffy at raffy.ch> wrote:
>> You can do that.... You will have to do something like:
>>
>> label=field() if ($foo)
>>
>> in the property file. $foo is your condition. The threshold you get through $targetCount{$targetName}...
>>
>> label=field() if ($targetCount{$targetName} > 10)
>>
>> I haven't tried this, but this is I think how you can do it. Let me know if that works.
>>
>> Raffy
>>
>> --
>> Raffael Marty, Founder @ Loggly
>> @zrlram raffy.ch/blog
>>
>> On Apr 13, 2010, at 1:16 PM, Michel Ferreira wrote:
>>
>>> On afterglow, is there any way to print the labels only after a certain threshold?
>>>
>>> Regards,
>>>
>>> Michel
>>> _______________________________________________
>>> SecViz-Visualization mailing list
>>> SecViz-Visualization at secviz.org
>>> http://eight.pairlist.net/mailman/listinfo/secviz-visualization
>>

> <print_14-04-2010 08.01.11.png>
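
Added example (not part of the original thread and not AfterGlow code): a standalone Python illustration of the idea discussed above, where a target node gets its label only when it appears in more than a threshold number of input rows. The three-column layout (source, port, target), the function names and the per-row counting are assumptions of this example, and the sample rows are constructed.

```python
import csv
import io
from collections import Counter

# Constructed sample: source IP, destination port, target IP (not real traffic).
SAMPLE_CSV = """\
192.168.1.10,80,10.0.0.5
192.168.1.11,80,10.0.0.5
192.168.1.12,443,10.0.0.5
192.168.1.10,22,172.16.0.9
192.168.1.13,53,10.0.0.7
"""

def read_rows(text):
    """Parse 3-column CSV rows, skipping blank or malformed lines."""
    return [tuple(c.strip() for c in row)
            for row in csv.reader(io.StringIO(text)) if len(row) == 3]

def labelled_targets(rows, threshold):
    """Targets that occur in strictly more rows than the threshold."""
    counts = Counter(dst for _src, _port, dst in rows)
    return {dst for dst, n in counts.items() if n > threshold}

def _q(value):
    """Quote a value for use as a DOT identifier or label."""
    return '"' + value.replace("\\", "\\\\").replace('"', '\\"') + '"'

def to_dot(rows, threshold):
    """Emit source -> port -> target edges; quiet targets get an empty label."""
    keep = labelled_targets(rows, threshold)
    nodes, edges = {}, []
    for src, port, dst in rows:
        s, e, t = f"s_{src}", f"e_{port}", f"t_{dst}"
        nodes[s], nodes[e] = src, port
        nodes[t] = dst if dst in keep else ""   # the threshold decision
        for edge in ((s, e), (e, t)):
            if edge not in edges:               # draw each edge once
                edges.append(edge)
    out = ["digraph sessions {"]
    out += [f"  {_q(n)} [label={_q(lbl)}];" for n, lbl in nodes.items()]
    out += [f"  {_q(a)} -> {_q(b)};" for a, b in edges]
    return "\n".join(out + ["}"])

if __name__ == "__main__":
    print(to_dot(read_rows(SAMPLE_CSV), threshold=2))
```

The printed DOT can be rendered with Graphviz; raising the threshold leaves the graph shape unchanged and only blanks more target labels.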



