{"id":101,"date":"2007-06-17T10:29:41","date_gmt":"2007-06-17T15:29:41","guid":{"rendered":"http:\/\/raffy.ch\/blog\/2007\/06\/17\/afterglow-158-security-data-visualization\/"},"modified":"2007-06-17T10:33:34","modified_gmt":"2007-06-17T15:33:34","slug":"afterglow-158-security-data-visualization","status":"publish","type":"post","link":"https:\/\/raffy.ch\/blog\/2007\/06\/17\/afterglow-158-security-data-visualization\/","title":{"rendered":"AfterGlow 1.5.8 &#8211; Security Data Visualization"},"content":{"rendered":"<p>Finally! I worked on this <a href=\"http:\/\/afterglow.sourceforge.net\">AfterGlow<\/a> release forever. I submitted a few checkpoints to CVS before I felt ready to release <a href=\"http:\/\/downloads.sourceforge.net\/afterglow\/afterglow-1.5.8.tar.gz?use_mirror=surfnet\">AfterGlow 1.5.8<\/a>. I highly recommend upgrading to 1.5.8. It has a few bugfixes, but what you will find most rewarding is the new color assignment heuristic and the capability to change the node sizes. Here is the complete changelog:<\/p>\n<p><code>06\/10\/07        Version 1.5.8<br \/>\n- Nodes can have a size now:<br \/>\n(size.[source|target|event]=&lt;expression returning size&gt;)<br \/>\nSize is accumulative! So if a node shows up multiple times, the<br \/>\nvalues are summed up!! This is unlike any other property in<br \/>\nAfterGlow where values are replaced.<br \/>\n- The maximum node size can be defined as well, either with a property:<br \/>\n(maxnodesize=&lt;value&gt;)<br \/>\nor via the command line:<br \/>\n-m=&lt;value&gt;<br \/>\nThe size is scaled to a max of 'maxsize'. Note that if you<br \/>\nare only setting the maxsize and no special sizes for nodes<br \/>\nAfterGlow will blow the nodes up to optimal size so the labels<br \/>\nwill fit.<br \/>\nThere is a limit also, if you want the source nodes to be a max of say<br \/>\n1, you cannot have the target nodes be scaled to fit the labels. 
They<br \/>\nwill have a max size of 1 and if you don't use any expression, they will<br \/>\nbe of size 1. This can be a bit annoying ;)<br \/>\nBe cautious with sizes. The number you provide in the assignment is not the actual size<br \/>\nthat the node will get, but this number will get scaled!<br \/>\n- One of the problems with assignments is that they might get overwritten with later nodes<br \/>\nFor example, you have these entries:<br \/>\nA,B<br \/>\nA,C<br \/>\nand your properties are:<br \/>\ncolor=\"blue\" if ($fields[1] eq \"B\")<br \/>\ncolor=\"red\"<br \/>\nyou would really expect the color for A to be blue as you specified that explicitly.<br \/>\nHowever, as the other entry comes later, the color will end up being red. AfterGlow takes<br \/>\ncare of this. It will determine that the second color assignment is a catch-all, identified<br \/>\nby the fact that there is no \"if\" statement. If this happens, it will re-use the more specific<br \/>\ncondition specified earlier. I hope I am making sense and the code really does what you would<br \/>\nexpect ;)<br \/>\n- Define whether AfterGlow should sum node sizes or not.<br \/>\n(sum.[source|target|event]=[0|1];)<br \/>\nby default summarization is enabled.<br \/>\n- Added capability to define thresholds per node type in properties file<br \/>\n(threshold.[source|event|target]=&lt;value&gt;;)<br \/>\n- Added capability to change the node shape:<br \/>\nshape.[source|event|target]=<br \/>\n(box|polygon|circle|ellipse|invtriangle|octagon|pentagon|diamond|point|triangle|plaintext)<br \/>\n- Fixed an issue where, if you use -t to only process two columns<br \/>\nand you can use the third in the property file for size or color.<br \/>\nThe third column was not carried through, however. This is fixed!<br \/>\n- The color assignment heuristic changed a bit. Along the same lines that the size assignment works.<br \/>\nCatch-alls are not taking precedence anymore. 
You might want to take this into account when defining<br \/>\ncolors. The catch-all will only be used, if there was never a more specific color assignment that<br \/>\nwas evaluated for this node. For example:<br \/>\ncolor=\"gray50\" if ($fields[2] !~ \/(CON|FIN|CLO)\/)<br \/>\ncolor=\"white\"<br \/>\nThis is used with a three-column dataset, but only two are displayed (-t). If the first condition<br \/>\never evaluated to true for a node, the last one will not hit, although the data might have a node that<br \/>\nevaluates to false in the first assignment and then the latter one would grip. As a catch-all it does<br \/>\nget superior treatment. This is really what you would intuitively assume.<br \/>\n- Just another note on color. Watch out, if you are defining colors not based on the fields in the<br \/>\ndata, but some other conditions that might change per record, you will get the wrong results as<br \/>\nAfterGlow uses a cache for colors which keys off the concatenation of all the field values. Just<br \/>\na note! Anyone having problems with this? I might have to change the heuristic for caching then. Let<br \/>\nme know.<br \/>\n<\/code><br \/>\n[tags]afterglow, visualization, security log analysis, security visualization[\/tags]<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Finally! I worked on this AfterGlow release forever. I submitted a few checkpoints to CVS before I felt ready to release AfterGlow 1.5.8. I highly recommend upgrading to 1.5.8. It has a few bugfixes, but what you will find most rewarding is the new color assignment heuristic and the capability to change the node sizes. 
[&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6,2],"tags":[],"class_list":["post-101","post","type-post","status-publish","format-standard","hentry","category-log-analysis","category-visualization"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/raffy.ch\/blog\/wp-json\/wp\/v2\/posts\/101","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/raffy.ch\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/raffy.ch\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/raffy.ch\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/raffy.ch\/blog\/wp-json\/wp\/v2\/comments?post=101"}],"version-history":[{"count":0,"href":"https:\/\/raffy.ch\/blog\/wp-json\/wp\/v2\/posts\/101\/revisions"}],"wp:attachment":[{"href":"https:\/\/raffy.ch\/blog\/wp-json\/wp\/v2\/media?parent=101"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/raffy.ch\/blog\/wp-json\/wp\/v2\/categories?post=101"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/raffy.ch\/blog\/wp-json\/wp\/v2\/tags?post=101"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}