[SecViz] Picviz releases

Sebastien Tricaud sebastien at honeynet.org
Wed May 6 17:17:35 EDT 2009


Hi folks,

I am proud to release three modules at once, under the release version
0.6rc1, code name "Eicar". A *lot* of commits and new features came in
since the latest 0.5 released January 25th.

First of all, Picviz got split in 4 different modules + 1 for the user
guide (which still needs love). In the near future, releases will be
separated, but since so many features impacting the 3 modules below
got introduced, I release them all at once.

Download at: http://www.wallinfire.net/files/picviz/

SHA512:
9aeb6829dda8077694d45a060ef31364f21615fddd7929b0e3b1f47371e28526817706a04e35181306d1b20c8c72e9858064eba894b9552209cbf225fe13ec34
libpicviz-0.6rc1.tar.gz
b9adb9d210b7efe459bd7cd4e204952292a198f1c2834323f30700fd11d952e392d86f7ce5c240fbf717ecc3991bd50ca4a436a80a5c7a16b1b8b8387aa5ac96
picviz-cli-0.6rc1.tar.gz
a3109032ee57b56900b1e4c5ac116216f3769b804305766e028ba28846e252dfabdec90147504620df0b6dc5035375d30e0f553b28c299720368c50ec86e6cc3
picviz-gui-0.6rc1.tar.gz


Also, for those of you who may be in Berlin next week, I will be
presenting at the Eicar convention the subject "Applied Parallel
Coordinates for Logs and Network Traffic Attack Analysis" with
Philippe Saadé. You can find more information on the conference
website (http://www.eicar.org/conference/presentations.htm). We've got
the best paper award.


Now let's talk about those releases:

1) picviz-cli

Simple program implementing all features the library provides so that
it is made usable. I actually got rid of the '-t' parameter that you
use to tell which template you work with. I prefer keeping the same
consistency as non-real-time. In short, the template is actually the
configuration you use for axes plotting when you use the local socket
as an event loop.

2) picviz-gui

Python+QT Frontend. Even though the Google Summer of Code starts May
23rd, Victor and Gabriel already started hacking on it:
* Porting the GUI to the new bindings from libpicviz
* Add the axes order changing feature

3) libpicviz

This is where most of the work goes, since it benefits all the other modules:
* Use of libev instead of libevent. You can now remove the libevent
dependency (and libev is included within libpicviz, so no dependency
there either)
* Can plot curves instead of straight lines in the pngcairo plugin,
simply call 'curves' as an argument (pcv -Tpngcairo file.pgdl -o
file.png -Acurves)
* Can embed filters in the header
* New Python bindings
* The axes order can be changed on the fly:
    axes {
        integer axis1;
        integer axis2;
        integer axis3;
    }

if you want to see the relation between axis1 and axis3, you can now do:
    axes {
        integer axis1;
        integer axis3;
        integer axis2;
    }

without rewriting the whole pgdl.
* Axes can be repeated:
    axes {
        integer axis1;
        integer axis2;
        integer axis3;
        integer axis1;
    }
    data {
        axis1="1", axis2="123", axis3="12345";
        ...
    }

will add an extra axis, with data from axis1 after axis3.
* Axes can be hidden on the fly:
    axes {
        integer axis1;
        integer axis2;
    #   integer axis3;
    }

Will show only axis1 and axis2.

* Layers + possibility to hide any you don't want
You can define elements into a layer like this:

    layer layername {
        axis1="123", axis2="1234", axis3="12345";
    }

or:
    axis1="123", axis2="1234", axis3="12345" [inlayer="layername"];

And you can hide layers you don't want to display like this:
    header {
        hide-layers = "layer1, layer2";
    }

* Logo can be embedded in the image
So that you can make your boss happy by embedding the company logo ;-)

* Simplified filters:
'show plot > 50% on axis 1' actually became 'plot > 50% on axis 1'. No
need for show nor hide.

* Frequency filtering
'freq > 0.5': this applies on all axes.

* Limit the axis variable height using an unsigned long long integer
Until now new variables had to be created for each new variable type.
While keeping the current way is good because you can then easily plot
time, ip addresses, port numbers etc., you can now use a number which
tells which maximum the axis can receive:

    axes {
        65535 axis1;
        10000 axis2;
    }

* Fixed cmake warnings

* Can show only min and max values on label, use the -m flag with pcv
(pcv -Tpngcairo -m file.pgdl -o file.png)

* The plplot plugin got removed. No need and not as powerful as the
pngcairo plugin.

A lot more of course... usual bugfixes etc. This was the hardest
release to produce until now, and of course it is the best ever (and
not as good as 0.7 ;)).

Please test, report bugs. The final 0.6 will actually be mostly
warning fixes, valgrinds and documentation updates.


Thanks for your attention, and thanks to all the people involved in
various parts of the project. It is very successful from all those
efforts.

Regards,
Sebastien.
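
Added example (not part of the original message and not Picviz code): a small generator that turns firewall-style log lines into PGDL using only the constructs shown in the message (numeric axis maxima, reordered, repeated and commented-out axes, `inlayer`, `hide-layers`). The log format, the axis and layer names, and the header/axes/data section order are assumptions made for the illustration.

```python
import re

# Constructed sample firewall log lines (not from the original post).
SAMPLE_LOG = """\
12:00:01 ACCEPT sport=51234 dport=443 bytes=1500
12:00:02 DROP sport=40000 dport=23 bytes=60
12:00:02 DROP sport=40001 dport=23 bytes=60
"""

# Hypothetical axis names -> type token: "integer" or a numeric maximum, as in the post.
AXES = {"seconds": "86400", "sport": "65535", "dport": "65535", "bytes": "integer"}
LINE_RE = re.compile(r"(\d\d):(\d\d):(\d\d) (ACCEPT|DROP) sport=(\d+) dport=(\d+) bytes=(\d+)$")

def parse(log):
    """Turn log lines into (layer, {axis: int}) events; reject malformed or out-of-range lines."""
    events = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:  # strict match keeps quotes or braces in a log line out of the PGDL
            raise ValueError("unparsable line: %r" % line)
        h, mi, s, action, sport, dport, nbytes = m.groups()
        ev = {"seconds": int(h) * 3600 + int(mi) * 60 + int(s),
              "sport": int(sport), "dport": int(dport), "bytes": int(nbytes)}
        for axis, value in ev.items():
            if AXES[axis] != "integer" and value > int(AXES[axis]):
                raise ValueError("%s=%d exceeds axis maximum" % (axis, value))
        events.append((action.lower(), ev))
    return events

def build_pgdl(events, order, hidden_axes=(), hidden_layers=()):
    """Emit PGDL text; only the axes block depends on order, so data lines are never rewritten."""
    out = []
    if hidden_layers:
        out += ["header {", '    hide-layers = "%s";' % ", ".join(hidden_layers), "}"]
    out.append("axes {")
    for name in order:  # a repeated name yields a repeated axis
        prefix = "#   " if name in hidden_axes else "    "
        out.append("%s%s %s;" % (prefix, AXES[name], name))  # KeyError on undeclared axis
    out += ["}", "data {"]
    for layer, ev in events:
        fields = ", ".join('%s="%d"' % (k, ev[k]) for k in AXES)
        out.append('    %s [inlayer="%s"];' % (fields, layer))
    out.append("}")
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    print(build_pgdl(parse(SAMPLE_LOG), ["sport", "dport", "bytes", "sport"], hidden_layers=["accept"]))
```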

