[logs] Visual Security Event Analysis

From: Raffael Marty (rmarty@private)
Date: Fri Aug 05 2005 - 08:26:22 PDT

With regards to the last posts about IP to geo-location mappings, Jess
mentioned a couple of tools to do visual analysis of network traffic. I
presented at DefCon last Sunday and released a tool called AfterGlow,
which you can use to graph log files. The tool is at:


and the presentation is available via my Web page:


If you have any trouble or questions, please let me know. Also, if you
should generate some cool graphs, I'd love to get a copy!



PS: If you should ever have to parse tcpdump output, afterglow contains
a script, tcpdump2csv.pl, which you can use to parse tcpdump output. It
will take care of swapping sources and targets for the responses...

Raffael Marty, GCIA, CISSP                               raffy@private
Senior Security Engineer                       http://security.raffy.ch
PGP: 0x4E0F59A9                3000 D9E8 4442 211D  1523 6C96 6818 90EA
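Added example, not AfterGlow's own tcpdump2csv.pl: a small Python parser that turns tcpdump's one-line IPv4 summaries into the source,target,port triples a log-graphing tool consumes, attributing each reply to the flow's initiator as the PS describes. The sample tcpdump lines are constructed, and the low-port fallback for replies whose request was not in the capture is my own heuristic.

```python
import re
from collections import namedtuple

# Constructed sample tcpdump lines (not a real capture): a TCP handshake,
# a DNS query/answer, and a SYN-ACK whose SYN was never captured.
SAMPLE_TCPDUMP = """\
12:00:01.000100 IP 10.0.0.5.51234 > 192.168.1.10.80: Flags [S], seq 1, win 65535, length 0
12:00:01.000900 IP 192.168.1.10.80 > 10.0.0.5.51234: Flags [S.], seq 2, ack 2, win 65535, length 0
12:00:02.000100 IP 10.0.0.5.40123 > 10.0.0.53.53: 1234+ A? example.com. (29)
12:00:02.000500 IP 10.0.0.53.53 > 10.0.0.5.40123: 1234 1/0/0 A 93.184.216.34 (45)
12:00:03.000100 IP 192.168.1.10.443 > 10.0.0.7.55555: Flags [S.], seq 9, ack 1, win 65535, length 0
"""

# tcpdump prints IPv4 endpoints as "ip.port > ip.port:"; capture both sides
_LINE_RE = re.compile(
    r"IP (?P<sip>\d{1,3}(?:\.\d{1,3}){3})\.(?P<sport>\d+) > "
    r"(?P<dip>\d{1,3}(?:\.\d{1,3}){3})\.(?P<dport>\d+):"
)

Flow = namedtuple("Flow", "src sport dst dport")

def parse_line(line):
    """Return the 4-tuple of one tcpdump line, or None for lines without an IPv4 pair."""
    m = _LINE_RE.search(line)
    if not m:
        return None
    return Flow(m["sip"], int(m["sport"]), m["dip"], int(m["dport"]))

def tcpdump_to_rows(text):
    """Yield (source, target, target_port) rows with replies folded onto their request."""
    rows = []
    seen = set()  # request-direction 4-tuples already attributed
    for line in text.splitlines():
        f = parse_line(line)
        if f is None:
            continue  # non-IP or malformed line: skip rather than guess
        if (f.dst, f.dport, f.src, f.sport) in seen:
            # answers a flow we already recorded: swap so the initiator stays the source
            rows.append((f.dst, f.src, f.sport))
        elif f.sport < 1024 <= f.dport:
            # request missing (capture started mid-flow): assume the well-known port is
            # the server side and swap (heuristic, an assumption of this example)
            seen.add((f.dst, f.dport, f.src, f.sport))
            rows.append((f.dst, f.src, f.sport))
        else:
            seen.add((f.src, f.sport, f.dst, f.dport))
            rows.append((f.src, f.dst, f.dport))
    return rows

def to_csv(rows):
    """Serialise rows as the three-column CSV a graphing tool can read."""
    return "\n".join(",".join(map(str, r)) for r in rows) + "\n"
```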
