Researchers with the Honeynet Project have created a graphic user interface (GUI) that plots a wide variety of data and give a visual representation that can make it easier to detect attacks.
The new GUI is part of the open-source Picviz tool. The developers say the graphic display is rendered from “traffic logs, database logs, SSH logs, syslogs, IPtables logs, Apache logs, and other sources.”
Picviz is described in a Nov. 25 paper “Know your tools: use Picviz to find attacks” by Sebastien Tricaud of The Honeynet Project and Victor Amaducci of the University of Campinas (Unicamp) (paper here.)
Picviz available here.
Here is a Picviz graphic rendering of traffic indicating an OpenVPN session.
The red displays the line of the VPN session (data taken from tcpdump.)
(More info on wallinfire site here.)