AfterGlow

Hi, I'm an apprentice to Sec Viz technology.
I used Afterglow to do some visualizing. I need to know how to do aggregation in that. Though I used the coding in Raffy's book, I couldn't make it. I am using the DAVIX and its sample.properties file. The code that I have used was

color=”yellow” if (field() =~ /ˆ111\.222\..*/);
color.event=”green” if ($fields[1]<1024)
color.sourcetarget="blue"
cluster.target=regex_replace("(\\d\+)\\.\\d+")."/8"
if ($fields[1] eq "80")

Is this OK? I don't get a different output. Pls let me know where I have gone wrong...

Cheers!!!
SmP.

AfterGlow Properties

I am not sure what you are trying to do. I am assuming the colors work. Your cluster expression is potentially missing a backslash in front of the + sign. Use this:

cluster.target=regex_replace("(\\d\+)\\.\\d\+")."/8" if ($fields[1] eq "80")

And make sure that your port numbers are in the second column ($fields[1]). Does this work? Also, if you have only two columns of source data, use -t on the command line.
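
The effect the cluster rule in the reply above is meant to have, emulated in Python as an added example; it is not part of the thread and not AfterGlow's own code. The sample rows are constructed, the three-column layout (source, port, target) follows the reply's note about $fields[1], and the effective pattern `(\d+)\.\d+` is an assumption about what the quoted expression matches.

```python
import csv
import io
import re

# Constructed sample input: source, port, target (port is the second column, $fields[1]).
SAMPLE = """\
10.0.0.5,80,111.222.1.7
10.0.0.5,80,111.9.4.2
10.0.0.6,80,111.40.3.3
10.0.0.6,22,111.222.1.7
10.0.0.7,443,192.168.4.4
"""

# Assumed effective pattern of regex_replace("(\\d\+)\\.\\d\+"): capture the first octet.
FIRST_OCTET = re.compile(r"(\d+)\.\d+")


def cluster_target(fields):
    """Mimic: cluster.target=regex_replace(...)."/8" if ($fields[1] eq "80")."""
    if fields[1] == "80":  # string comparison, like Perl's eq
        match = FIRST_OCTET.search(fields[2])
        if match:
            return match.group(1) + "/8"
    return fields[2]  # condition not met: the target node is left unclustered


def aggregate(text):
    """Return the distinct (source, port, target) edges after clustering."""
    edges = set()
    for row in csv.reader(io.StringIO(text)):
        fields = [f.strip() for f in row]
        if len(fields) != 3:
            continue  # the rule reads the port from $fields[1], so skip other layouts
        edges.add((fields[0], fields[1], cluster_target(fields)))
    return sorted(edges)


def target_nodes(text):
    """Distinct target node labels that would be drawn."""
    return sorted({edge[2] for edge in aggregate(text)})


if __name__ == "__main__":
    for edge in aggregate(SAMPLE):
        print(",".join(edge))
    print("target nodes:", target_nodes(SAMPLE))
```

Only rows whose second column is exactly "80" collapse into the "/8" node; the port 22 and 443 rows keep their full target addresses.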

trying to do aggregation.

According to your book (page 270), I tried to add the coding to the properties file. I tried your method as well. But it didn't work.
Still my output is messy.