hacktracking: # Plotting dionaea's statistics with gnuplot

Introduction

Dionaea
Gnuplot
SQLite

Execution

# cat sqlite.query
select
 strftime('%Y-%m-%d',c.connection_timestamp,'unixepoch','localtime') as date,
 count(distinct c.connection), count(distinct d.connection)
from connections c
left outer join downloads d
on (c.connection==d.connection)
group by date
order by date asc;
# sqlite3 /opt/dionaea/var/dionaea/logsql.sqlite
sqlite> .output data.txt
sqlite> .read sqlite.query
sqlite> .exit
# cat data.txt
2011-02-10|125|11
2011-02-11|541|9
2011-02-12|1487|6
2011-02-13|207|5
2011-02-14|611|11
2011-02-15|99|10
2011-02-16|131|12
2011-02-17|128|12
# apt-get install gnuplot
# gnuplot
gnuplot> set terminal png size 640,480 nocrop butt font \
> "/usr/share/fonts/truetype/ttf-liberation/LiberationSans-Regular.ttf"
gnuplot> set output "dionaea.png"
gnuplot> set xdata time
gnuplot> set timefmt "%Y-%m-%d"
gnuplot> set format x "%b %d"
gnuplot> set ylabel "attacks"
gnuplot> set y2label "binaries"
gnuplot> set y2tics
gnuplot> set datafile separator "|"
gnuplot> plot "./data.txt" using 1:2 title "attacks" with lines,\
> "./data.txt" using 1:3 title "binaries" with lines axes x1y2
gnuplot> exit
# eog dionaea.png

# Plotting dionaea's statistics with gnuplot

No comments: