content/blog/2023-06-08-goaccess-geoip.md


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70

+++
date = 2023-06-08
title = "Inspecting Nginx Logs with GoAccess and MaxMind GeoIP Data"
description = ""
draft = false
+++

# Overview

[GoAccess](https://goaccess.io/) is an open source real-time web log
analyzer and interactive viewer that runs in a terminal in \*nix systems
or through your browser.

# Installation

To start, you\'ll need to install GoAccess for your OS. Here\'s an
example for Debian-based distros:

```sh
sudo apt install goaccess
```

Next, find any number of the MaxMind GeoIP database files on GitHub or
another file hosting website. We\'re going to use P3TERX\'s version in
this example:

```sh
wget https://github.com/P3TERX/GeoLite.mmdb/raw/download/GeoLite2-City.mmdb
```

Be sure to save this file in an easy to remember location!

# Usage

In order to utilize the full capabilities of GoAccess and MMDB, start
with the command template below and customize as necessary. This will
export an HTML view of the GoAccess dashboard, showing all relevant
information related to that site\'s access log. You can also omit the
`-o output.html` parameter if you prefer to view the data
within the CLI instead of creating an HTML file.

With the addition of the GeoIP Database parameter, section
`16 - Geo Location` will be added with the various countries
that are associated with the collected IP addresses.

```sh
zcat /var/log/nginx/example.access.log.*.gz | goaccess     \
--geoip-database=/home/user/GeoLite2-City.mmdb             \
--date-format=%d/%b/%Y                                     \
--time-format=%H:%M:%S                                     \
--log-format=COMBINED                                      \
-o output.html                                             \
/var/log/nginx/example.access.log -
```

## Example Output

See below for an example of the HTML output:

![GoAccess
HTML](https://img.cleberg.net/blog/20230608-goaccess/goaccess-dashboard.png)

You can also see the GeoIP card created by the integration of the
MaxMind database information.

![GoAccess
GeoIP](https://img.cleberg.net/blog/20230608-goaccess/goaccess-geoip.png)

That\'s all there is to it! Informational data is provided in an
organized fashion with minimal effort.