Mapping Pixel People formulae with graphviz

I had reached the “end” of the Pixel People game some time ago, but it was not the end of my experiment as yet.

Basically, the professions' unlock formulae were going to be the base for me to do some link plotting of their relationships. Graphviz works with the DOT file format, which is nothing more than a text file, so it makes for nice shell scripting. Of course there are other awesome helper libraries like afterglow (messed around with it a bit in the past) which make use of the graphviz library to do the final plotting, but being able to plot directly with graphviz also gives us some more flexibility to do whatever we want (most of the time).

Part of the raw file, with the formulae:

mayor
mechanic
engineer = mayor + mechanic
sheriff = mayor + mayor
architect = mayor + engineer
landscaper = assistant + architect
deputy = assistant + sheriff
gardener = landscaper + deputy
mechanical engineer = mechanic + engineer
botanist = farmer + farmer

The code to create the two DOT files (undirected and directed graphs), and to generate the images based on different layout algorithms. Circo, fdp and sfdp layouts weren’t really useful for this kind of graph, so I commented them out.

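#!/bin/sh
# Written for GNU sed (-r, and "\n" in the replacement text).

# Undirected graph. Spaces become underscores so multi-word professions stay
# single DOT IDs, then "a = b + c" is split into the edges "b -- a" and "c -- a".
# Lines without a formula pass through as bare nodes; the second sed adds the ";".
echo "graph pixpple {" > graph.dot
echo "overlap=scalexy;" >> graph.dot
echo "splines=true;" >> graph.dot
cat formulae | sed -re 's/ /_/g' -e 's/^(.+)_=_(.+)_\+_(.+)$/\2 -- \1\n\3 -- \1/' | sed -r 's/$/;/' >> graph.dot
echo "}" >> graph.dot

# Directed graph: same transformation, with "->" pointing from ingredient to result.
echo "digraph pixpple {" > digraph.dot
echo "overlap=scalexy;" >> digraph.dot
echo "splines=true;" >> digraph.dot
cat formulae | sed -re 's/ /_/g' -e 's/^(.+)_=_(.+)_\+_(.+)$/\2 -> \1\n\3 -> \1/' | sed -r 's/$/;/' >> digraph.dot
echo "}" >> digraph.dot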

echo "============================================="
dot -v -Tpng digraph.dot > dot.png

echo "============================================="
neato -v -Tpng digraph.dot > neato.png

echo "============================================="
twopi -v -Tpng digraph.dot > twopi.png

#echo "============================================="
#circo -v -Tpng digraph.dot > circo.png

#echo "============================================="
#fdp -v -Tpng graph.dot > fdp.png

#echo "============================================="
#sfdp -v -Tpng graph.dot > sfdp.png

The front part of the digraph DOT file:

digraph pixpple {
overlap=scalexy;
splines=true;
mayor;
mechanic;
mayor -> engineer;
mechanic -> engineer;
mayor -> sheriff;
mayor -> sheriff;
mayor -> architect;

The front part of the graph DOT file:

graph pixpple {
overlap=scalexy;
splines=true;
mayor;
mechanic;
mayor -- engineer;
mechanic -- engineer;
mayor -- sheriff;
mayor -- sheriff;
mayor -- architect;

And some results…

dot layout output
neato layout output
twopi layout output

Visualizing sshd brute-force attempts (part 2)

It’s always better to Read The Fine Manual (or run perl afterglow.pl -h for the more updated helpfile)…though it’s not really that well documented 😛 Afterglow allows for two-column input, rather than us having to do weird tricks to make it 3-column.

(Note to self: get the raw data with fields in the order that you want where possible/faster, rather than pumping it through sed.  Makes for good practice though.)

Using the csv file containing userids (visualized in yellow) and IPs (visualized in green) over the past few months from Splunk, here’re the results of some of the experiments.

Oh, for the Windows users, you can use type instead of cat 😉

First test using GraphViz’s neato to layout:

perl afterglow.pl -b 1 -i <infile> -c color.properties -t | neato -Tgif -o output.gif

Huge, but better visualized with -e 5 option (Resulting image for that is too huge to upload though :P). Note the single IP in the middle (the yellow explosion) that had been trying a LOT of userids to date.
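Added example (not from the original post and not part of afterglow): the same two-column userid/IP data turned into DOT directly in shell, the way the Pixel People script does it, together with a per-IP count of distinct userids that picks out the "explosion" source without rendering anything. It assumes a headerless, unquoted `userid,ip` CSV; the function names and sample rows are constructed for illustration.

```shell
#!/bin/sh
# Added example: userid,ip rows -> DOT graph, plus distinct userids per source IP.

# Constructed sample data (documentation-range IPs); no header, no quoted fields.
sample_csv() {
cat <<'EOF'
root,203.0.113.7
admin,203.0.113.7
oracle,203.0.113.7
test,203.0.113.7
a"b,203.0.113.7
root,198.51.100.23
admin,198.51.100.23
root,192.0.2.99
EOF
}

# Userids are chosen by whoever is knocking on sshd, so every character outside
# a small safe set becomes "_" before it is written into a DOT string.
csv_to_dot() {
    awk -F, '
    function clean(s) { gsub(/[^A-Za-z0-9._@-]/, "_", s); return s }
    BEGIN { print "graph sshd {"; print "overlap=scalexy;"; print "node [style=filled];" }
    NF == 2 {
        u = clean($1); ip = clean($2)
        if (!users[u]++) print "\"u:" u "\" [label=\"" u "\", fillcolor=yellow];"
        if (!ips[ip]++)  print "\"ip:" ip "\" [label=\"" ip "\", fillcolor=green];"
        if (!edges[ip, u]++) print "\"ip:" ip "\" -- \"u:" u "\";"
    }
    END { print "}" }'
}

# Print "count ip", highest count first: the IP at the centre of an "explosion"
# is the one paired with the most distinct userids.
distinct_users_per_ip() {
    awk -F, 'NF == 2 && !seen[$0]++ { n[$2]++ }
             END { for (ip in n) print n[ip], ip }' | sort -k1,1nr -k2,2
}

sample_csv | distinct_users_per_ip
# To render: sample_csv | csv_to_dot | neato -Tgif -o output.gif
```

Rows that do not split into exactly two fields (for example a userid containing a comma) are skipped rather than guessed at, so compare the row count going in with the edge count coming out.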

Second test using fdp:

perl afterglow.pl -b 1 -i <infile> -c color.properties -t | fdp -Tgif -o output.gif

fdp doesn't seem to be well suited for this

Third test using sfdp:

No command here, you should have noticed the pattern from the first two…

_even_ less suited for this type of data...

Last test using twopi:

According to the GraphViz site, twopi’s more suited for visualizing stuff like telecommunications flows.

twopi