The new release 0.5 of Picviz is out. This version comes with real-time mode enabled (which adds a dependency on libevent), among other things such as new properties and variables.
Get it from the usual place.
What is Picviz?
When log files are analysed for security, the usual applications available today either look for patterns using signature databases or take a behavioral approach. In both cases information can be missed, and the problem grows with systems that receive a massive amount of logs.
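To make that limitation concrete, here is an added example (not Picviz code, and not from the original post) that runs both kinds of detector over a handful of constructed sshd log lines: a signature matcher with a fixed regex list, and a behavioral detector that counts failed logins per source. The log lines, the hypothetical signature names and the threshold are all made up for the illustration; the quiet, single successful key login from an unfamiliar address is exactly the kind of event both approaches let through.

```python
import re
from collections import Counter

# Constructed sample sshd log (not real data): a noisy password brute force from
# 10.0.0.5, plus one quiet key-based login from an address never seen before.
SAMPLE_LOG = """\
Jan 10 01:00:01 host sshd[101]: Failed password for root from 10.0.0.5 port 4001 ssh2
Jan 10 01:00:02 host sshd[102]: Failed password for root from 10.0.0.5 port 4002 ssh2
Jan 10 01:00:03 host sshd[103]: Failed password for root from 10.0.0.5 port 4003 ssh2
Jan 10 01:00:04 host sshd[104]: Failed password for root from 10.0.0.5 port 4004 ssh2
Jan 10 01:00:05 host sshd[105]: Failed password for root from 10.0.0.5 port 4005 ssh2
Jan 10 01:00:06 host sshd[106]: Accepted password for root from 10.0.0.5 port 4006 ssh2
Jan 10 02:13:44 host sshd[201]: Accepted publickey for backup from 192.0.2.77 port 51022 ssh2
Jan 10 03:00:00 host sshd[301]: Accepted publickey for alice from 10.0.0.9 port 51023 ssh2
"""

# Signature approach: a fixed set of known-bad patterns (hypothetical names).
SIGNATURES = {
    "root_password_accepted": re.compile(r"Accepted password for root from (\S+)"),
    "invalid_user": re.compile(r"Invalid user \S+ from (\S+)"),
}

# Generic parser for sshd auth outcome lines: outcome, user, source address.
LINE_RE = re.compile(r"sshd\[\d+\]: (Accepted|Failed) \S+ for (\S+) from (\S+)")


def parse(log):
    """Yield (outcome, user, src_ip) for every sshd auth line in the log."""
    for line in log.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m.group(1), m.group(2), m.group(3)


def signature_hits(log):
    """Return {signature_name: [src_ip, ...]} for lines matching a known pattern."""
    hits = {}
    for line in log.splitlines():
        for name, rx in SIGNATURES.items():
            m = rx.search(line)
            if m:
                hits.setdefault(name, []).append(m.group(1))
    return hits


def behavioral_hits(log, fail_threshold=5):
    """Return source IPs whose failed-login count reaches fail_threshold."""
    failures = Counter(ip for outcome, _, ip in parse(log) if outcome == "Failed")
    return sorted(ip for ip, n in failures.items() if n >= fail_threshold)


def unflagged_sources(log):
    """Sources that logged in successfully but were raised by neither detector."""
    sig = {ip for ips in signature_hits(log).values() for ip in ips}
    beh = set(behavioral_hits(log))
    accepted = {ip for outcome, _, ip in parse(log) if outcome == "Accepted"}
    return sorted(accepted - sig - beh)


if __name__ == "__main__":
    print("signature hits :", signature_hits(SAMPLE_LOG))
    print("behavioral hits:", behavioral_hits(SAMPLE_LOG))
    print("missed by both :", unflagged_sources(SAMPLE_LOG))
```

Both detectors catch the brute force from 10.0.0.5, but the `backup` login from 192.0.2.77 matches no signature and never fails, so it shows up only in `unflagged_sources`. With thousands of hosts, that remainder is far too large to read by hand, which is the gap the paragraph above describes.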
I gave a lecture on Picviz during the Usenix Workshop on the Analysis of System Logs (WASL 2008).
My slides 'Picviz: finding a needle in a haystack' are available right here.
I also took part in the Cray log analysis contest. The slides of what I discovered are here.