Previously we talked about configuring GeoIP module for Nginx Access log. This guide can be used on live production server. GoAccess is Easy to Install, Output Available on CLI or As HTML Here is How to Install GoAccess Nginx Access Log Analyzer on Ubuntu 16.04. There are two ways to install GoAccess — we can install from their repository with aptitude package manager or can build from source code with extra completion options. This is their official website. They have live demo :
1 | https://goaccess.io |
We will take it granted that your these are your LEMP configuration files (default locations for Ubuntu) :
1 2 3 4 | Nginx log file : /var/log/nginx/access.log Public root : /usr/share/nginx/html Nginx sites config file : /etc/nginx/sites-available/default Others : Does not matter |
You need to understand if things differ.
---
How to Install GoAccess Nginx Access Log Analyzer on Ubuntu 16.04
As like we said above, we can install from their repository with aptitude package manager or can build from source code with extra completion options. If you just want to test or you are not used with building software from source code, you can install from their repository with aptitude package manager. This way is very easy to uninstall. The disadvantage is that, this way will not give the version with all build options. There are two versions of packages. One not built with --enable-tcb=btree (which needs the command apt install goaccess), to have no on-disk support. For Ubuntu 16.04, we can use the version with built with --enable-tcb=btree (which needs the command apt install goaccess-tcb). We will show the installation of goaccess-tcb.
First add the repository, update :
1 2 3 | echo "deb http://deb.goaccess.io/ $(lsb_release -cs) main" | sudo tee -a /etc/apt/sources.list.d/goaccess.list wget -O - https://deb.goaccess.io/gnugpg.key | sudo apt-key add - apt update |
Install needed dependencies for GoAccess :
1 | apt install libnginx-mod-http-perl |
It will give many a times prompt to change or keep php.ini, nginx.conf etc files. You will always select the option keep your currently-installed version on production server. These are century old packages for Nginx, PHP 7.x. Any error message is misleading. Actually JSON function loaded differently now. Install another such package :
1 | apt install libtokyocabinet9 libncursesw5-dev libgeoip-dev libtokyocabinet-dev |
Finally install GoAccess :
1 | apt install goaccess-tcb |
Invoke goaccess by this command :
1 | goaccess -f /var/log/nginx/access.log -a |
Automatic install is not 100% easy. Otherwise we would not write guide. If you get a blank prompt for setup, simply keep first option, then hit c and fill the first field as %T and hit Enter key. It is useless function at this moment. We need to edit the default config file :
1 | nano /etc/goaccess.conf |
Find these lines, they should look active like this (not commented out), edit and save :
1 2 3 4 | ... date-format %d/%b/%Y ... log-format %h %^[%d:%^] "%r" %s %b "%R" "%u" |
How to Configure GoAccess HTML GUI Dashboard For Nginx on Ubuntu 16.04, PHP 7
If upgraded from Ubuntu 14.04 to Ubuntu 16.04 then root il be at /usr/share/nginx/html. Adjust that part. Now, generate HTML file while being there with this command :
1 | goaccess -f /var/log/nginx/access.log -a > /usr/share/nginx/html/report.html |
Check with ls :
1 | ls /usr/share/nginx/html/report.html | grep report |
It show the HTML file. Now, open your browser to point towards :
1 2 3 | your-domain.com/report.html or your-ip/report.html |
You will see the Dashboard. Official documentation is on their website about how to use. As we need to update it continuously, we can use this command to create a goaccess.sh script, invoke to copy-paste these with nano ~/goaccess.sh :
1 2 3 4 | #!/bin/sh rm /usr/share/nginx/html/report.html goaccess -f /var/log/nginx/access.log -a > /usr/share/nginx/html/report.html echo -e "[goaccess.sh ran" |
There is no typographical error on the above script. We need to properly CHMOD it :
1 | chmod +x ~/goaccess.sh |
Then test run the script :
1 | sh ~/goaccess.sh |
Automation With CRON
Now you can set cron, for example, if you want to run the script every 12 hourly, then evoke crontab with crontab -e command and add this at the bottom of the file :
1 | 55 5,17 * * * sh ~/goaccess.sh > /dev/null 2>&1 |
If you want to run the script (and update the report) every 10 minutes, evoke crontab with crontab -e command and add this at the bottom of the file :
1 | */10 * * * * sh ~/goaccess.sh > /dev/null 2>&1 |
You can see the “log” of whether ran with this command :
1 | grep goaccess /var/log/syslog |
This part is complete. It is not a sane idea to keep an HTML file available publicly on a live website. Also such cron can suck huge RAM. In case you keep it, add this to your /etc/nginx/sites-available/default (or whatever named) file :
1 2 3 4 5 6 | location ~ /(\.|wp-config.php|readme.html|license.txt|report.html) { allow 127.0.0.1; allow 27.63.170.224; deny all; } |
license.txt, wp-config.php are just added for example in case you have such directive to block access to certain files. My IP is 27.63.170.224. I can access it but others can not see. To make 100% sure, I can check that file from Tor browser (My IP will change).
You should not use crontab for production server when you are not on SSH. Simply delete report.html with :
1 | rm /usr/share/nginx/html/report.html |
if exiting from SSH, simply comment out the above used cron with # before the line after opening crontab with crontab -e command. For full managed servers, you can keep the file. Actually there is remote possibility of running exploit and get cron’s access by the script kiddies. We made alternative easy ways (see later part of the guide).
Advanced Setup For GoAccess HTML GUI Dashboard (Includes Security)
Second part is creating bash alias. Open :
1 | nano ~/.bash_aliases |
Copy-Paste :
1 2 3 | alias gostat='goaccess -f /var/log/nginx/access.log -a' alias gogen='sh ~/goaccess.sh' alias godel='rm /usr/share/nginx/html/report.html' |
Source bash profile :
1 | source ~/.bashrc |
Type gostat and hit ENTER key to test. Q is exit.
We kept gogen command for generating new HTML report file. godel command will delete HTML report file. You can run gogen command after login to SSH, check HTML report and run godel before exiting SSH. You can forget that you have GoAccess in the context of security.
