GoAccess

GoAccess is an open source real-time web log analyzer and interactive viewer that runs in a terminal; it can also generate a report as an HTML file for viewing in a browser.

Installation

wget http://tar.goaccess.io/goaccess-1.2.tar.gz
tar -xzvf goaccess-1.2.tar.gz
cd goaccess-1.2/
./configure --enable-utf8 --enable-geoip=legacy
make
make install


Fedora/CentOS

Using the Yum package

yum install goaccess
goaccess --version
GoAccess - 1.0.2.
For more details visit: http://goaccess.io
Copyright (C) 2009-2016 by Gerardo Orellana


Debian/Ubuntu

# apt-get install goaccess


Install using the Debian/Ubuntu repository

$ echo "deb http://deb.goaccess.io/ $(lsb_release -cs) main" | sudo tee -a /etc/apt/sources.list.d/goaccess.list
$ wget -O - https://deb.goaccess.io/gnugpg.key | sudo apt-key add -
$ sudo apt-get update
$ sudo apt-get install goaccess


Example of how to use goaccess

goaccess 
GoAccess - 1.0.2
Usage: goaccess [ options ... ] -f log_file [-c][-M][-H][-q][-d][...]
The following options can also be supplied to the command:

Log & Date Format Options

--date-format= - Specify log date format. e.g., %d/%b/%Y
 --log-format= - Specify log format. Inner quotes need to be
 escaped, or use single quotes.
 --time-format= - Specify log time format. e.g., %H:%M:%S

User Interface Options

-c --config-dialog - Prompt log/date/time configuration window.
 -i --hl-header - Color highlight active panel.
 -m --with-mouse - Enable mouse support on main dashboard.
 --color=<fg:bg[attrs, PANEL]> - Specify custom colors. See manpage for more
 details and options.
 --color-scheme=<1|2|3> - Schemes: 1 => Grey, 2 => Green, 3 => Monokai.
 --html-custom-css= - Specify a custom CSS file in the HTML report.
 --html-custom-js= - Specify a custom JS file in the HTML report.
 --html-report-title= - Set HTML report page title and header.
 --json-pretty-print - Format JSON output w/ tabs & newlines.
 --max-items - Maximum number of items to show per panel. See man page for limits.
 --no-color - Disable colored output.
 --no-column-names - Don't write column names in term output.
 --no-csv-summary - Disable summary metrics on the CSV output.
 --no-progress - Disable progress metrics.
 --no-tab-scroll - Disable scrolling through panels on TAB.

Server Options

--addr= - Specify IP address to bind server to.
 --origin= - Ensure clients send the specified origin header
 upon the WebSocket handshake.
 --port= - Specify the port to use.
 --real-time-html - Enable real-time HTML output.
 --ws-url= - URL to which the WebSocket server responds.

File Options

-f --log-file= - Path to input log file.
 -l --debug-file= - Send all debug messages to the specified
 file.
 -p --config-file= - Custom configuration file.
 --invalid-requests= - Log invalid requests to the specified file.
 --no-global-config - Don't load global configuration file.

Parse Options

-a --agent-list - Enable a list of user-agents by host.
 -d --with-output-resolver - Enable IP resolver on HTML|JSON output.
 -e --exclude-ip= - Exclude one or multiple IPv4/6. Allows IP
 ranges e.g. 192.168.0.1-192.168.0.10
 -H --http-protocol=<yes|no> - Set/unset HTTP request protocol if found.
 -M --http-method=<yes|no> - Set/unser HTTP request method if found.
 -o --output=file.html|json|csv - Output either an HTML, JSON or a CSV file.
 -q --no-query-string - Ignore request's query string. Removing the
 query string can greatly decrease memory
 consumption.
 -r --no-term-resolver - Disable IP resolver on terminal output.
 --444-as-404 - Treat non-standard status code 444 as 404.
 --4xx-to-unique-count - Add 4xx client errors to the unique visitors
 count.
 --all-static-files - Include static files with a query string.
 --date-spec=<date|hr> - Date specificity. Possible values: `date`
 (default), or `hr`.
 --double-decode - Decode double-encoded values.
 --enable-panel= - Enable parsing/displaying the given panel.
 --hour-spec=<hr|min> - Hour specificity. Possible values: `hr`
 (default), or `min` (tenth of a min).
 --ignore-crawlers - Ignore crawlers.
 --ignore-panel= - Ignore parsing/displaying the given panel.
 --ignore-referer= - Ignore a referer from being counted. Wild cards
 are allowed. i.e., *.bing.com
 --ignore-status= - Ignore parsing the given status code.
 --real-os - Display real OS names. e.g, Windows XP, Snow
 Leopard.
 --sort-panel=PANEL,METRIC,ORDER - Sort panel on initial load. For example:
 --sort-panel=VISITORS,BY_HITS,ASC. See
 manpage for a list of panels/fields.
 --static-file= - Add static file extension. e.g.: .mp3.
 Extensions are case sensitive.

GeoIP Options

-g --std-geoip - Standard GeoIP database for less memory
 consumption.
 --geoip-database= - Specify path to GeoIP database file. i.e.,
 GeoLiteCity.dat, GeoIPv6.dat ...

On-Disk Database Options

--keep-db-files - Persist parsed data into disk.
 --load-from-disk - Load previously stored data from disk.
 --db-path= - Path of the database file. Default [/tmp/]
 --cache-lcnum= - Max number of leaf nodes to be cached. Default
 [0]
 --cache-ncnum= - Max number of non-leaf nodes to be cached.
 Default [1024]
 --tune-bnum= - Number of elements of the bucket array. Default
 [512]
 --tune-lmemb= - Number of members in each leaf page. Default
 [128]
 --tune-nmemb= - Number of members in each non-leaf page.
 Default [256]
 --xmmap= - Set the size in bytes of the extra mapped
 memory. Default [32749]
 --compression=<zlib|bz2> - Specifies that each page is compressed with
 ZLIB|BZ2 encoding.

Other Options

-h --help - This help.
 -V --version - Display version information and exit.
 -s --storage - Display current storage method. e.g., B+
 Tree, Hash.
 --dcf - Display the path of the default config
 file when `-p` is not used.

Examples can be found by running `man goaccess`.

For more details visit: http://goaccess.io
 GoAccess Copyright (C) 2009-2016 by Gerardo Orellana

Command to start goaccess log monitoring
# goaccess -f /var/log/httpd/access_log

goaccess presents several options; as an example, choose the first one.

Generate Apache HTML reports
# Note for when you run into the error below

# goaccess -f /var/log/httpd/access_log -a > report.html
Parsing... [0] [0/s]
GoAccess - version 1.0.2 - Oct  9 2016 06:13:21
Config file: /etc/goaccess.conf
Fatal error has occurred
Error occured at: src/parser.c - parse_log - 2322
No time format was found on your conf file

In that case, edit the configuration (vi /etc/goaccess.conf) and add the following format settings:

NCSA Combined Log Format --> log-format %h %^[%d:%t %^] "%r" %s %b "%R" "%u"
date format              --> date-format %d/%b/%Y
time format              --> time-format %T

If it succeeds, the output is written straight to the directory where the report was generated.

Open the report.html file
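The configuration fix described above can be scripted so it is applied once and only where needed. This is an added example, not part of the original post or of GoAccess itself: the function names `has_directive` and `ensure_goaccess_formats` are hypothetical, and it assumes the directives are written as plain `name value` lines as shown above.

```shell
#!/bin/sh
# Added example: ensure a GoAccess config defines the three format directives
# whose absence leads to "No time format was found on your conf file".
# The values are the NCSA Combined Log Format settings given in the post.

# has_directive FILE NAME: succeeds if an uncommented "NAME value" line exists.
has_directive() {
    grep -Eq "^[[:space:]]*$2[[:space:]]+[^[:space:]]" "$1"
}

# ensure_goaccess_formats FILE: appends each missing directive and reports
# which ones were added. Safe to run repeatedly (no duplicates are written).
ensure_goaccess_formats() {
    conf=$1
    if [ ! -f "$conf" ]; then
        echo "no such file: $conf" >&2
        return 1
    fi
    # Avoid gluing onto a last line that lacks a trailing newline.
    if [ -n "$(tail -c1 "$conf")" ]; then
        echo >> "$conf"
    fi
    added=""
    if ! has_directive "$conf" log-format; then
        printf '%s\n' 'log-format %h %^[%d:%t %^] "%r" %s %b "%R" "%u"' >> "$conf"
        added="$added log-format"
    fi
    if ! has_directive "$conf" date-format; then
        printf '%s\n' 'date-format %d/%b/%Y' >> "$conf"
        added="$added date-format"
    fi
    if ! has_directive "$conf" time-format; then
        printf '%s\n' 'time-format %T' >> "$conf"
        added="$added time-format"
    fi
    echo "added:${added:- none}"
}

# Run against a file when one is given, e.g.: sh script.sh /etc/goaccess.conf
if [ "$#" -gt 0 ]; then
    ensure_goaccess_formats "$1"
fi
```

Commented-out lines such as `#time-format %H:%M:%S` are treated as missing, so the directive is appended rather than assumed present.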

Remote server logs located on another VM or host

# ssh heroik@192.168.11.15 'cat /var/log/httpd/access_log' | goaccess -a