Thursday, June 16, 2016

Tool for Aggregating, Analyzing, and Displaying Logs: GoAccess

GoAccess is a powerful tool for real-time log analysis, particularly useful for processing and displaying system logs or web server logs. Here's a step-by-step guide to setting it up:


Installation Steps

1. Install GeoIP Module

GeoIP is used for geographic data analysis.

curl -sL https://github.com/maxmind/geoip-api-c/releases/download/v1.6.9/GeoIP-1.6.9.tar.gz | tar xz
cd GeoIP-1.6.9
./configure --prefix=/usr/local
make && sudo make install

2. Install GeoIP Database

Download and set up the GeoIP database to map IPs to geographic locations.

wget -N http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz
gunzip GeoIP.dat.gz
sudo mkdir -p /usr/local/share/GeoIP
sudo mv GeoIP.dat /usr/local/share/GeoIP/

3. Install Ncurses Module

Ncurses is required for terminal UI capabilities.

sudo yum install ncurses-devel

4. Install GoAccess

Download and install GoAccess with GeoIP and UTF-8 support.

wget http://tar.goaccess.io/goaccess-1.0.tar.gz
tar -xzvf goaccess-1.0.tar.gz
cd goaccess-1.0
./configure --enable-geoip --enable-utf8 --prefix=/usr/local
make && sudo make install

Run GoAccess

Run GoAccess with the following command to analyze a log file and generate an HTML report with real-time updates:

goaccess -f access_log.log -o report.html --real-time-html --ws-url=localhost

Important Notes

  1. Serve report.html via a Web Server:
    The report.html file contains logic for communicating with the WebSocket server launched by GoAccess. To make the report accessible, it needs to be served by a web server (e.g., Nginx, Apache).

  2. Nginx Example Configuration:
    Set up an alias for serving the report.html file.

    location /goaccess {
        alias /usr/local/nginx/html;
        index report.html;
    }
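
    The report lists client IP addresses, requested URLs and referrers, and the location block above serves it to anyone who can reach the server. The variant below is an added example, not part of the original post, that restricts the same location to operators; the admin network 192.0.2.0/24 and the credentials file /etc/nginx/.htpasswd-goaccess are assumed placeholder values.

```nginx
# Added example: same location as above, limited to operators.
# Assumed values (not from the original post):
#   192.0.2.0/24                  - admin network (documentation range)
#   /etc/nginx/.htpasswd-goaccess - password file created with htpasswd
location /goaccess {
    alias /usr/local/nginx/html;
    index report.html;

    # Require BOTH a trusted source address and valid credentials.
    satisfy all;
    allow 127.0.0.1;
    allow 192.0.2.0/24;
    deny all;

    auth_basic           "GoAccess report";
    auth_basic_user_file /etc/nginx/.htpasswd-goaccess;

    # The report holds visitor data: keep it out of shared caches
    # and search engine indexes.
    add_header Cache-Control "no-store";
    add_header X-Robots-Tag  "noindex, nofollow";
}
```

    Basic authentication sends credentials in a recoverable form, so serve this location over HTTPS only.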

Key Features

  • Real-time updates through WebSocket connections.
  • Detailed analysis of web logs, including:
    • Top visitors.
    • Traffic by IP or country (with GeoIP).
    • Most requested resources.
    • HTTP status codes.
    • Bandwidth usage.

By following these steps, you can efficiently set up GoAccess to monitor and analyze your server logs with real-time visual reports.