24 hours of firewall logs plotted by dest port over time (color is source port)

24 hours of firewall logs plotted by dest port over time (color is source port)

Next, a plot of the same data using the destination port number over time points to obvious port scanning in the form of diagonal lines as well as odd patterns that sync with the previous destination IP address plot.

All of these graphs were created by parsing firewalls logs using a perl script and loading them into Advizor Analyst.