I was playing with AfterGlow and visualizing netflow data lately. I realized that some of the configurations in AfterGlow are a bit tedious. So I added a new property to address coloring independent of the node: color=”blue” for example. I also added a feature to turn off labels on a per-node type. For example label.source=0 turns off source node labels. And finally I started playing with clustering of nodes. A lot of times you end up with a huge amount of nodes and you don’t really need to know all the details of that cluster, you just want to know that there is something going on around there. So for example for IP addresses, oftentimes you want to cluster by subnets (e.g., A, B, C classes):

cluster.source=regex_replace(“(\\d\+\\.\\d+)”).”/16″ if (!match(“^(212\.254\.110|195\.141\.69)”))

This looks complicated, but it’s not that bad. Basically there are a few functions I introduced. Read it from right to left. First you check whether there is a match on the source field (we are doing cluster.source) for either of these two IP ranges. If so, you take that value and you do a regex_replace on it. Basically getting the two first octets and adding “/16″ to it. An easier example would be:

cluster.target=”bigger than 1024” if ($fields[1]>1024)

AfterGlow 1.4, which supports clusters and all the other things is now available via sourceforge.