Picviz graphing apache logs

This parallel coordinates graph shows 412429 lines of one of my wallinfire.net access logs, generated with Picviz svn. This is the first of a set of graphs that will derive from this one, and the most complete one.

To generate such a graph, simply use the apache-access2picviz Perl script available from trunk/tools. Then use the heatline plugin to see line frequencies: the greener a line is, the less often it appears. When a line is red, it appears often. This way you can easily see whether an event is regular or not. To generate this image, you can type:

    pcv -Tpngcairo access.pcv -Rheatline -Avirus -rra > accesslogs.png

First axis = Time (24 hour) with 00:00 at the bottom and 23:59 on the very top.

Second axis = Source IP with at the bottom and on the very top.

Third axis = HTTP request type.

Fourth axis = Request.

Tomorrow, I will post a graph filtered on the request axis, to see which IP addresses are making abnormal requests.
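As an added example (not part of Picviz or of the original post), the Python below projects access log lines onto the same four axes, counts how often each segment between adjacent axes occurs, which is the information the heatline colours convey, and lists the source IPs behind rarely seen requests. It assumes the Apache common/combined log format; the function names and the sample lines are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Apache common/combined log prefix: host ident user [date:time zone] "request line"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ '
    r'\[\d{2}/\w{3}/\d{4}:(?P<time>\d{2}:\d{2}):\d{2} [^\]]+\] '
    r'"(?P<reqline>(?:[^"\\]|\\.)*)"')

def to_axes(line):
    """Project one log line onto (time, source IP, method, request); None if unparseable."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # A malformed request line such as "-" has no URL part: keep it, with an empty request.
    method, _, rest = m.group("reqline").partition(" ")
    return (m.group("time"), m.group("ip"), method, rest.split(" ")[0])

def segment_frequencies(rows):
    """Count each segment drawn between adjacent axes, keyed by (left axis index, a, b)."""
    freq = Counter()
    for row in rows:
        for i in range(len(row) - 1):
            freq[(i, row[i], row[i + 1])] += 1
    return freq

def rare_request_sources(rows, freq, threshold=1):
    """Map source IP -> (method, request) pairs whose segment occurs <= threshold times."""
    out = defaultdict(list)
    for _, ip, method, request in rows:
        if freq[(2, method, request)] <= threshold:
            out[ip].append((method, request))
    return dict(out)

# Constructed sample lines (documentation address ranges), not taken from the real log.
SAMPLE = """\
192.0.2.10 - - [12/Oct/2008:09:15:02 +0200] "GET /index.html HTTP/1.1" 200 5120
192.0.2.10 - - [12/Oct/2008:09:15:40 +0200] "GET /index.html HTTP/1.1" 200 5120
192.0.2.11 - - [12/Oct/2008:09:16:05 +0200] "GET /index.html HTTP/1.1" 200 5120
198.51.100.7 - - [12/Oct/2008:03:02:11 +0200] "GET /old/setup.php HTTP/1.0" 404 208
198.51.100.7 - - [12/Oct/2008:03:02:12 +0200] "OPTIONS * HTTP/1.0" 200 -
203.0.113.5 - - [12/Oct/2008:04:00:00 +0200] "-" 408 -
not an access log line
""".splitlines()
ROWS = [r for r in map(to_axes, SAMPLE) if r is not None]
FREQ = segment_frequencies(ROWS)

if __name__ == "__main__":
    print(rare_request_sources(ROWS, FREQ))
```

On a real log the threshold needs to scale with the number of lines, since a count of 1 is only meaningful on a small sample.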

Picviz is available as free software at http://www.wallinfire.net/picviz

Parallel Coordinates Analysis

This is great. Can you say something about what the graph is showing and what you learned from it?

Also, the labels are a bit distracting. Is there a way you can get rid of them if they start to clutter the display? Maybe use some heuristic to only show every 100th label or so. What would definitely help is indicating the minimum and maximum on an axis if it's numerical...

Keep the images coming!

What I learned from it is

What I learned from it is coming with the next images :)

As for your advice to show every 100th label and the min/max values of each axis, this is not yet implemented, but I will do it.