[SecViz] Afterglow: Is it possible to split a field?

Raffael Marty raffy at raffy.ch
Wed Mar 10 11:56:37 EST 2010

Previous message: [SecViz] Afterglow: Is it possible to split a field?
Next message: [SecViz] Afterglow: Is it possible to split a field?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Paul,

Sure you can do that.

Let's say you have a three column input:

10.0.0.1,20.2.2.2,100
12.2.2.2,10.0.0.1,12

So, you have a source address, destination address, and a count. Then do this:

cat file | afterglow -t -c file.properties | ....

What is important is the -t, which tells AfterGlow to only visualize two columns. The third column will still be available in your config file. So, the file.properties would look something like:

color.target = "red" if ($fields[2]>100)

Note, it's $fields[2], not 3! What you could also:

color = "green" if (fields()>100)

Hope this helps. Looking forward to seeing your output on secviz.org. What's the use-case you are after?

Cheers

Raffael

--
Raffael Marty, Founder @ Loggly
@zrlram raffy.ch/blog

On Mar 10, 2010, at 5:56 AM, Paul Halliday wrote:

> Or have field[3] available?

>

> I want to colour a source or target based on its count of events.

> Is this possible?

>

> Thanks.

> _______________________________________________

> SecViz-Visualization mailing list

> SecViz-Visualization at secviz.org

> http://eight.pairlist.net/mailman/listinfo/secviz-visualization

Previous message: [SecViz] Afterglow: Is it possible to split a field?
Next message: [SecViz] Afterglow: Is it possible to split a field?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the SecViz-Visualization mailing list