I'm trying to find clues to HOW to do that 🙂
I read an interesting paper on another method with AfterGlow,
the approach is similar but less powerful:
http://www.giac.org/paper/gcia/1651/visualizing-firewall-log-data-detect-security/109883
I plan to watch a webcast tonight on that subject :
http://searchsecurity.techtarget.com/video/Splunk-tutorial-demonstrates-how-to-use-Splunk-for-security?videoId=5d82b5ba1459b310VgnVCM1000000d01c80aRCRD
I found several visualization solutions with a post:
tnv - The Network Visualizer or Time-based Network Visualizer
http://tnv.sourceforge.net/
INAV - Interactive Network Active-traffic Visualization
http://inav.scaparra.com/about/abstract/
Will look deeper in them.
Don't hesitate to give your answer on this research 🙂
My position is to :
1) Index flat files into Splunk (firewall logs, router logs, etc.)
2) Then maybe integrate some other data into Splunk and visualize data FROM it... the question is HOW.
flat files ---> splunk --> graph with what app ?
inav/
..etc