We can virtually use Nginx access log like analytics software. Here is How To Configure Nginx Access Log With GeoIP on Ubuntu 16.04. Usage Commands Also Shown. Access Log is Powerful & Configurable Tool. Many new users sub-utilise this powerful tool of Nginx.
Requirements To Proceed To Read This How To Configure Nginx Access Log With GeoIP Guide
This guide is written and tested on Ubuntu 16.04 LTS with apt version of nginx-extras. You can definitely work with custom build of Nginx on Ubuntu or different server operating system like CentOS provided that your Nginx GeoIP module compiled as dynamic module (else you need to change one directive) and using PHP 7.x (else you need to change one another directive’s file name). We tested this guide on Nginx 1.11.5, HTTPS, HTTP/2 site. You must NOT have access log off under SSL directives. We will describe as Ubuntu 16.04’s default file paths.
Requirements To Proceed To Read This How To Configure Nginx Access Log With GeoIP Guide
First, we need to check whether ngx_http_geoip_module is actually compiled on your nginx installation. You can run the command nginx -V (V is capital letter, small letter on command will show version only) to find from the output :
---
1 2 3 4 | configure arguments: --with-cc-opt='-g -O2 -fstack-protector-strong -Wformat -Werror=format-security ... --with-http_geoip_module=dynamic ... |
We are talking about these official documents :
1 2 3 | http://nginx.org/en/docs/http/ngx_http_log_module.html#access_log https://www.nginx.com/resources/admin-guide/logging-and-monitoring/ http://nginx.org/en/docs/http/ngx_http_geoip_module.html |
First, we need to download geoip-database for country and city database. Ubuntu has a package for but it lacks city’s data. MaxMind’s geoip-database is a non-free software. We can use some of their distributed stuffs for free of cost. Just follow these commands like a copy-pasting machine :
1 2 3 4 5 6 | mkdir /etc/nginx/geoip cd /etc/nginx/geoip wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz gunzip GeoIP.dat.gz wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz gunzip GeoLiteCity.dat.gz |
Now open /etc/nginx/nginx.conf with any text editor like vi or nano:
1 | nano /etc/nginx/nginx.conf |
You will notice that the beginning of the file these stuffs are written on that file :
1 2 3 4 5 | user www-data; worker_processes 1; worker_priority 15; pid /run/nginx.pid; worker_rlimit_nofile 8192; |
Add this line there :
1 | load_module "modules/ngx_http_geoip_module.so"; |
After that stanza, there is events and http. We have to add more two lines inside that http :
1 2 | geoip_country /etc/nginx/geoip/GeoIP.dat; geoip_city /etc/nginx/geoip/GeoLiteCity.dat; |
So you have added these on /etc/nginx/nginx.conf :
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 | ... ... load_module "modules/ngx_http_geoip_module.so"; events { ... ... } http { ... ... geoip_country /etc/nginx/geoip/GeoIP.dat; geoip_city /etc/nginx/geoip/GeoLiteCity.dat; ... } |
Save the file. Run config test with nginx -t command. Restart Nginx with service nginx restart or whatever command you use. Again open /etc/nginx/nginx.conf and go to :
1 | nano /etc/nginx/nginx.conf |
Within the http directive, we have to add this kind of basic directive to catch the Country name and Country code. We can catch City name, Area name, Pin code too. This is fat-free easy version :
1 2 3 4 5 6 | log_format analytics '$remote_addr - $upstream_cache_status [$time_local] ' '"$request" $status $body_bytes_sent $query_string' '"$http_referer" "$http_user_agent"' '"$geoip_country_name" "$geoip_country_code"'; access_log /var/log/nginx/access.log analytics; error_log /var/log/nginx/error.log warn; |
So our log will be written on /var/log/nginx/access.log. Run config test with nginx -t command. Restart Nginx with service nginx restart or whatever command you use.
Here is a slightly complicated but detailed logging for human readable log :
1 | log_format analytics '[$time_iso8601] » [$upstream_cache_status] » [$remote_addr]' '[$request $request_time $request_length] » [$status] » [$body_bytes_sent] »' '[$http_referer] » [$http_user_agent]' '[$geoip_country_name » $geoip_country_code » $geoip_region » $geoip_city » $geoip_latitude » $geoip_longitude]' '$query_string'; |
But the above can make your server slightly slower. For that reason, we are suggesting to use the fat-free easy version. You can even strip off "$geoip_country_code" from it. We kept it to make it using with any other tool for log analysis.
We need too add some fastcgi directives as well. If your Nginx host file is /etc/nginx/sites-available/default, open that file :
1 | nano /etc/nginx/sites-available/default |
You will notice that, either there is :
1 | include fastcgi.conf; |
or
1 | include fastcgi_params; |
is present. Add a line below it :
1 | include geoip_params; |
There can be multiple instances of include fastcgi.conf or include fastcgi_params. You have to add include geoip_params below each. But where is our geoip_params file? Let us create it :
1 | touch /etc/nginx/geoip_params |
We need t copy-paste this large stuff in that /etc/nginx/geoip_params file :
1 2 3 4 5 6 7 8 9 10 11 12 | proxy_set_header GEOIP_COUNTRY_CODE $geoip_country_code; proxy_set_header GEOIP_COUNTRY_CODE3 $geoip_country_code3; proxy_set_header GEOIP_COUNTRY_NAME $geoip_country_name; proxy_set_header GEOIP_CITY_COUNTRY_CODE $geoip_city_country_code; proxy_set_header GEOIP_CITY_COUNTRY_CODE3 $geoip_city_country_code3; proxy_set_header GEOIP_CITY_COUNTRY_NAME $geoip_city_country_name; proxy_set_header GEOIP_REGION $geoip_region; proxy_set_header GEOIP_CITY $geoip_city; proxy_set_header GEOIP_POSTAL_CODE $geoip_postal_code; proxy_set_header GEOIP_CITY_CONTINENT_CODE $geoip_city_continent_code; proxy_set_header GEOIP_LATITUDE $geoip_latitude; proxy_set_header GEOIP_LONGITUDE $geoip_longitude; |
For that reason, open /etc/nginx/geoip_params :
1 | nano /etc/nginx/geoip_params |
Copy-paste it. Save it. Run config test with nginx -t command. Restart Nginx with service nginx restart or whatever command you use. We have completed all the steps. It is really big set of work than result.
We have kept all the configuration files of this guide on GitHub as project. A logrotate file is kept which is not needed for who are using Ubuntu 16.04 LTS with apt version of nginx-extras.
Now cd to /var/log/nginx/ :
1 | cd /var/log/nginx/ |
You will get country when possible to detect, here is a copy-paste from our log :
1 | 54.164.253.92 - - [17/Oct/2016:18:07:12 +0530] "GET /2015/07/multimeter-guide-for-dummies HTTP/1.1" 301 178 -"-" "Mozilla/5.0 (compatible; proximic; +http://www.proximic.com/info/spider.php)""United States" |
Analyzing Nginx Access Log With GeoIP With Commands
This will give total number of access as list against HTTP response codes (200 is OK) :
1 | cat /var/log/nginx/access.log | cut -d '"' -f3 | cut -d ' ' -f2 | sort | uniq -c | sort -rn |
Basically guide on how to configure Nginx access log with GeoIP is not for counting country visits via complex commands and hundred of tools (the command is not local, it will take some time to get executed to give a list) :
1 | cat /var/log/nginx/access.log | grep -oe '^[0-9.]\+' | perl -ne 'system("geoiplookup $_")' | grep -v found | grep -oe ', [A-Za-z ]\+$' | sort | uniq -c | sort -n |
We can logically serve translated version of file according to the country or show special message with plain PHP from front end like EU cookie policy information or use tools such as goaccess to monitor and analyze Nginx logs.
Tagged With geo ip , ubuntu server 16 04 nginx with geoip module , nginx geoip to log , nginx geoip logs , nginx geoip access log , nginx geoip , https://yandex ru/clck/jsredir?from=yandex ru;search;web;;&text=&etext=1839 d3cdhCejngWNXEeBRjq6L_GwxxfJFB3WWj83TKjqFaDVmUEN4p97qPXx7P8Wdnk1 d31b7cbcae85671e577210f3ca9258549296e01b&uuid=&state=_BLhILn4SxNIvvL0W45KSic66uCIg23qh8iRG98qeIXme , how to set the logging on nginx container to error log and access log? , geoip logging nginx , configure geoip module in nginx ubuntu