Analyzing log files can be a huge headache for Linux administrators because it records a lot of things. Most novice and junior administrators have no idea how to analyze. If you have a lot of knowledge about analyzing logs, then you are a *NIX system expert.

There are many tools in Linux that make it easy to analyze logs. GoAccess is one of the tools that allows users to easily analyze Web server logs. We will discuss the GoAccess tool in detail in this article.

GoAccess

GoAccess is a real-time Web log analyzer and interactive viewer that can be run from a terminal in a * NIx system or accessed through a browser.

GoAccess requires very few dependencies. It is written in C and requires only Ncurses.

It supports Apache, Nginx, and Lighttpd logging. It provides fast and valuable HTTP statistics in real time to system administrators who need dynamic visual server reporting.

GoAccess parses the specified Web log file and outputs the data to the X terminal and browser.

GoAccess is designed to be a fast terminal-based log analyzer. The core idea is to quickly analyze and view Web server statistics in real time without using a browser.

The default output is at the terminal, which is also capable of generating complete, self-contained real-time HTML reports, as well as JSON and CSV reports.

GoAccess supports any custom log format and includes the following predefined log format options: combined log format XLF/ELF in Apache/Nginx, and common log format CLF in Apache, but not limited to.

GoAccess function

  • Full real-time: All metrics are updated every 200 milliseconds on the terminal and every second on the HTML output.
  • Tracking application response time: The time required to track service requests. This is useful if you want to keep track of pages that slow down your website.
  • Visitors: Determines clicks, visitors, bandwidth, and metrics for the slowest running request by hour or date.
  • According to the virtual host metric: If there are multiple virtual hosts (Server), which provides a panel to show which virtual hosts are consuming most of the Web server resources.

How do I install GoAccess?

I recommend that users install GoAccess from the distribution’s official repository with the help of the package manager. It is available in most distribution official repositories.

We know that we get outdated packages in standard distributions, while rolling distributions always contain the latest packages.

If you are running an operating system with a standard distribution, I recommend checking alternatives such as PPA or GoAccess official Maintainer repositories to get the latest packages.

For Debian/Ubuntu systems, use apt-get or APT to install GoAccess on your system.

# apt install goaccess
Copy the code

To get the latest GoAccess package, use the official GoAccess repository below.

$ echo "deb https://deb.goaccess.io/ $(lsb_release -cs) main" | sudo tee -a/etc/apt/sources.list.d/goaccess.list $ wget -O - https://deb.goaccess.io/gnugpg.key | sudo apt-key add - $ sudo apt-get  update $ sudo apt-get install goaccessCopy the code

For RHEL/CentOS systems, use YUM package manager to install GoAccess on your system.

# yum install goaccess
Copy the code

For Fedora systems, use the DNF package manager to install GoAccess on your system.

# dnf install goaccess
Copy the code

For ArchLinux/Manjaro based systems, use the Pacman package manager to install GoAccess on your system.

# pacman -S goaccess
Copy the code

For openSUSE Leap systems, use the Zypper package manager to install GoAccess on your system.

# zypper install goaccess
# zypper ar -f obs://server:http
# zypper ref && zypper in goaccess
Copy the code

How do I use GoAccess?

After GoAccess is successfully installed. Simply enter the goaccess command and then enter the Web server log location to view.

# goaccess [options] /path/to/Web Server/access.log
# goaccess /var/log/apache/2daygeek_access.log
Copy the code

When you execute the command above, it asks you to select a log format configuration.

I tested this with Apache access logs. The Apache log is divided into fifteen sections. Details are as follows. The main section shows summaries of these fifteen sections.

The screen capture below includes four sections, such as the unique visitor, the requested file, the static request, and the url not found.

The following screen capture includes four sections, such as guest host name and IP, operating system, browser, and time distribution.

The screen capture below includes four sections, such as source url, source site, Google search engine results, and HTTP status code.

To generate an HTML report, use the following command. I initially encountered an error when trying to generate an HTML report.

# goaccess 2daygeek_access.log -a > report.htmlGoAccess -version 1.3 -Nov 23 2018 11:28:19 Config file: No config file used Fatal error has occurred Error occurred at: src/parser.c - parse_log - 2764 No time format was found on your conf file.Parsing... [0] [0/s]Copy the code

It says “your CONF file did not find the time format”. To fix this, add the COMBINED log format option.

# goaccess -f 2daygeek_access.log --log-format=COMBINED -o 2daygeek.htmlParsing... [0165] [50165 / s]Copy the code

GoAccess also allows you to access and analyze live logs for filtering and parsing.

# tail -f /var/log/apache/2daygeek_access.log | goaccess -
Copy the code

Please refer to its MAN page or help for more details.

# man goaccess# goaccess --help
Copy the code

Via: www.2daygeek.com/goaccess-a-…

By Vinoth Kumar, lujun9972

This article is originally compiled by LCTT and released in Linux China