#+title: Inspecting Nginx Logs with GoAccess and MaxMind GeoIP Data
#+date: 2023-06-08
#+description: Learn how to use GoAccess and MaxMind to evaluate visitors to your web server.
#+filetags: :sysadmin:

* Overview
[[https://goaccess.io/][GoAccess]] is an open-source, real-time web log
analyzer and interactive viewer that runs in a terminal on *nix systems
or through your browser.

* Installation
To start, you'll need to install GoAccess for your OS. Here's an example
for Debian-based distros:

#+begin_src sh
sudo apt install goaccess
#+end_src

Next, download one of the MaxMind GeoIP database files, which are
available on GitHub and other file-hosting websites. We're going to use
P3TERX's version in this example:

#+begin_src sh
wget https://github.com/P3TERX/GeoLite.mmdb/raw/download/GeoLite2-City.mmdb
#+end_src

Be sure to save this file in an easy-to-remember location, since its
path is passed to GoAccess below!

* Usage
To use the full capabilities of GoAccess and MMDB, start with the
command template below and customize it as necessary. The rotated,
compressed logs are decompressed with =zcat= and piped in; the trailing
=-= tells GoAccess to read that piped data in addition to the current
log file. This will export an HTML view of the GoAccess dashboard,
showing all relevant information related to that site's access log. You
can also omit the =-o output.html= parameter if you prefer to view the
data within the CLI instead of creating an HTML file.

With the =--geoip-database= parameter, GoAccess adds section
=16 - Geo Location=, which lists the countries associated with the
collected IP addresses.

#+begin_src sh
zcat /var/log/nginx/example.access.log.*.gz | goaccess     \
--geoip-database=/home/user/GeoLite2-City.mmdb             \
--date-format=%d/%b/%Y                                     \
--time-format=%H:%M:%S                                     \
--log-format=COMBINED                                      \
-o output.html                                             \
/var/log/nginx/example.access.log -
#+end_src
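
The =*.gz= glob in the command above skips any rotated file that logrotate has left uncompressed (with =delaycompress=, the newest rotation is kept as =example.access.log.1=), so that period drops out of the report. The following is an added example, not part of the original post, and =nginx_log_stream= is a hypothetical helper name; it streams every numbered rotation, compressed or not, oldest first, followed by the current log.

```sh
#!/bin/sh
# Added example: emit an nginx access log and all of its numbered rotations
# on stdout, oldest first. Assumes logrotate-style names:
#   example.access.log, example.access.log.1, example.access.log.2.gz, ...
nginx_log_stream() {
    base=$1
    for f in "$base".*; do
        [ -f "$f" ] || continue          # glob matched nothing, or not a file
        n=${f#"$base".}                  # suffix after the base name: "1", "2.gz"
        n=${n%.gz}
        case $n in
            ''|*[!0-9]*) continue ;;     # skip non-numeric suffixes (.bak, .swp)
        esac
        printf '%s %s\n' "$n" "$f"
    done |
    sort -rn |                           # highest rotation number = oldest data
    while read -r n f; do
        case $f in
            *.gz) gzip -dc -- "$f" ;;    # compressed rotation
            *)    cat -- "$f" ;;         # uncompressed rotation (delaycompress)
        esac
    done
    if [ -f "$base" ]; then
        cat -- "$base"                   # current log last
    fi
    return 0
}

# Usage with the flags from the command above (everything arrives on stdin,
# so the log file is no longer passed as a separate argument):
#   nginx_log_stream /var/log/nginx/example.access.log | goaccess \
#     --geoip-database=/home/user/GeoLite2-City.mmdb \
#     --log-format=COMBINED -o output.html -
```
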

** Example Output
See below for an example of the HTML output:

#+caption: GoAccess HTML
[[https://img.cleberg.net/blog/20230608-goaccess/goaccess-dashboard.png]]

You can also see the GeoIP card created by the integration of the
MaxMind database information.

#+caption: GoAccess GeoIP
[[https://img.cleberg.net/blog/20230608-goaccess/goaccess-geoip.png]]

That's all there is to it! Informational data is provided in an
organized fashion with minimal effort.