merge org branch into main

1 files changed, 64 insertions, 0 deletions

diff --git a/content/blog/2023-06-08-goaccess-geoip.org b/content/blog/2023-06-08-goaccess-geoip.org
new file mode 100644
index 0000000..6136c21
--- /dev/null
+++ b/content/blog/2023-06-08-goaccess-geoip.org
@@ -0,0 +1,64 @@
+#+title: Inspecting Nginx Logs with GoAccess and MaxMind GeoIP Data
+#+date: 2023-06-08
+#+description: Learn how to use GoAccess and MaxMind to evaluate visitors to your web server.
+#+filetags: :sysadmin:
+
+* Overview
+[[https://goaccess.io/][GoAccess]] is an open source real-time web log
+analyzer and interactive viewer that runs in a terminal in *nix systems
+or through your browser.
+
+* Installation
+To start, you'll need to install GoAccess for your OS. Here's an example
+for Debian-based distros:
+
+#+begin_src sh
+sudo apt install goaccess
+#+end_src
+
+Next, find any number of the MaxMind GeoIP database files on GitHub or
+another file hosting website. We're going to use P3TERX's version in
+this example:
+
+#+begin_src sh
+wget https://github.com/P3TERX/GeoLite.mmdb/raw/download/GeoLite2-City.mmdb
+#+end_src
+
+Be sure to save this file in an easy to remember location!
+
+* Usage
+In order to utilize the full capabilities of GoAccess and MMDB, start
+with the command template below and customize as necessary. This will
+export an HTML view of the GoAccess dashboard, showing all relevant
+information related to that site's access log. You can also omit the
+=-o output.html= parameter if you prefer to view the data within the CLI
+instead of creating an HTML file.
+
+With the addition of the GeoIP Database parameter, section
+=16 - Geo Location= will be added with the various countries that are
+associated with the collected IP addresses.
+
+#+begin_src sh
+zcat /var/log/nginx/example.access.log.*.gz | goaccess     \
+--geoip-database=/home/user/GeoLite2-City.mmdb             \
+--date-format=%d/%b/%Y                                     \
+--time-format=%H:%M:%S                                     \
+--log-format=COMBINED                                      \
+-o output.html                                             \
+/var/log/nginx/example.access.log -
+#+end_src
+
+** Example Output
+See below for an example of the HTML output:
+
+#+caption: GoAccess HTML
+[[https://img.cleberg.net/blog/20230608-goaccess/goaccess-dashboard.png]]
+
+You can also see the GeoIP card created by the integration of the
+MaxMind database information.
+
+#+caption: GoAccess GeoIP
+[[https://img.cleberg.net/blog/20230608-goaccess/goaccess-geoip.png]]
+
+That's all there is to it! Informational data is provided in an
+organized fashion with minimal effort.