How to install GoAccess and analyze logs
goaccess : Real-time web log analyzer and interactive viewer
1. Installing goaccess
$ yum install -y goaccess
$ goaccess --version
GoAccess - 1.5.4.
For more details visit: https://goaccess.io/
Copyright (C) 2009-2020 by Gerardo Orellana
Build configure arguments:
--enable-debug
--enable-utf8
--enable-geoip=legacy
--with-getline
--with-openssl
2. Analyzing log files
- Apache logs
$ pwd
/var/log/httpd
$ ls -l
total 176
-rw-r--r-- 1 root root 100402 Feb 11 11:42 access_log
-rw-r--r-- 1 root root 75748 Feb 11 08:49 error_log
- Analyzing a log file with goaccess
goaccess /var/log/httpd/access_log --log-format=COMBINED
- Apache web root directory: /var/www/html
goaccess -f /var/log/httpd/access_log --log-format=COMBINED -a -o /var/www/html/index.html
goaccess /var/log/httpd/access_log --log-format=COMBINED -a -o /var/www/html/report.html
Real-time log analysis with goaccess
- Real-time analysis (interactive)
goaccess -f /var/log/httpd/access_log --log-format=COMBINED -a -o /var/www/html/report.html --real-time-html
WebSocket server ready to accept new client connections
- Real-time analysis with daemonize (--real-time-html enabled)
goaccess -f /var/log/httpd/access_log --log-format=COMBINED -a -o /var/www/html/report.html --daemonize
$ ps -ef | grep -v grep | grep goaccess
root 165509 152463 99 12:25 pts/0 00:03:10 goaccess -f \
/var/log/httpd/access_log \
--log-format=COMBINED -a \
-o /var/www/html/report.html \
--daemonize
Log & Date Format Options
$ goaccess --help
GoAccess - 1.3
Usage: goaccess [filename] [ options ... ] [-c][-M][-H][-S][-q][-d][...]
The following options can also be supplied to the command:
Log & Date Format Options
--date-format=<dateformat> - Specify log date format. e.g., %d/%b/%Y
--log-format=<logformat> - Specify log format. Inner quotes need to be
escaped, or use single quotes.
--time-format=<timeformat> - Specify log time format. e.g., %H:%M:%S
User Interface Options
-c --config-dialog - Prompt log/date/time configuration window.
-i --hl-header - Color highlight active panel.
-m --with-mouse - Enable mouse support on main dashboard.
--color=<fg:bg[attrs, PANEL]> - Specify custom colors. See manpage for more
details and options.
--color-scheme=<1|2|3> - Schemes: 1 => Grey, 2 => Green, 3 => Monokai.
--html-custom-css=<path.css> - Specify a custom CSS file in the HTML report.
--html-custom-js=<path.js> - Specify a custom JS file in the HTML report.
--html-prefs=<json_obj> - Set default HTML report preferences.
--html-report-title=<title> - Set HTML report page title and header.
--json-pretty-print - Format JSON output w/ tabs & newlines.
--max-items - Maximum number of items to show per panel.
See man page for limits.
--no-color - Disable colored output.
--no-column-names - Don't write column names in term output.
--no-csv-summary - Disable summary metrics on the CSV output.
--no-html-last-updated - Hide HTML last updated field.
--no-parsing-spinner - Disable progress metrics and parsing spinner.
--no-progress - Disable progress metrics.
--no-tab-scroll - Disable scrolling through panels on TAB.
Server Options
--addr=<addr> - Specify IP address to bind server to.
--daemonize - Run as daemon (if --real-time-html enabled).
--fifo-in=<path> - Path to read named pipe (FIFO).
--fifo-out=<path> - Path to write named pipe (FIFO).
--origin=<addr> - Ensure clients send the specified origin header
upon the WebSocket handshake.
--pid-file=<path> - Write PID to a file when --daemonize is used.
--port=<port> - Specify the port to use.
--real-time-html - Enable real-time HTML output.
--ssl-cert=<cert.crt> - Path to TLS/SSL certificate.
--ssl-key=<priv.key> - Path to TLS/SSL private key.
--ws-url=<url> - URL to which the WebSocket server responds.
File Options
- - The log file to parse is read from stdin.
-f --log-file=<filename> - Path to input log file.
-S --log-size=<number> - Specify the log size, useful when piping in logs.
-l --debug-file=<filename> - Send all debug messages to the specified
file.
-p --config-file=<filename> - Custom configuration file.
--invalid-requests=<filename> - Log invalid requests to the specified file.
--no-global-config - Don't load global configuration file.
Parse Options
-a --agent-list - Enable a list of user-agents by host.
-b --browsers-file=<path> - Use additional custom list of browsers.
-d --with-output-resolver - Enable IP resolver on HTML|JSON output.
-e --exclude-ip=<IP> - Exclude one or multiple IPv4/6. Allows IP
ranges e.g. 192.168.0.1-192.168.0.10
-H --http-protocol=<yes|no> - Set/unset HTTP request protocol if found.
-M --http-method=<yes|no> - Set/unset HTTP request method if found.
-o --output=file.html|json|csv - Output either an HTML, JSON or a CSV file.
-q --no-query-string - Ignore request's query string. Removing the
query string can greatly decrease memory
consumption.
-r --no-term-resolver - Disable IP resolver on terminal output.
--444-as-404 - Treat non-standard status code 444 as 404.
--4xx-to-unique-count - Add 4xx client errors to the unique visitors
count.
--anonymize-ip - Anonymize IP addresses before outputting to report.
--all-static-files - Include static files with a query string.
--crawlers-only - Parse and display only crawlers.
--date-spec=<date|hr> - Date specificity. Possible values: `date`
(default), or `hr`.
--double-decode - Decode double-encoded values.
--enable-panel=<PANEL> - Enable parsing/displaying the given panel.
--hide-referer=<NEEDLE> - Hide a referer but still count it. Wild cards
are allowed. i.e., *.bing.com
--hour-spec=<hr|min> - Hour specificity. Possible values: `hr`
(default), or `min` (tenth of a min).
--ignore-crawlers - Ignore crawlers.
--ignore-panel=<PANEL> - Ignore parsing/displaying the given panel.
--ignore-referer=<NEEDLE> - Ignore a referer from being counted. Wild cards
are allowed. i.e., *.bing.com
--ignore-statics=<req|panel> - Ignore static requests.
req => Ignore from valid requests.
panel => Ignore from valid requests and panels.
--ignore-status=<CODE> - Ignore parsing the given status code.
--num-tests=<number> - Number of lines to test. >= 0 (10 default)
--process-and-exit - Parse log and exit without outputting data.
--real-os - Display real OS names. e.g, Windows XP, Snow
Leopard.
--sort-panel=PANEL,METRIC,ORDER - Sort panel on initial load. For example:
--sort-panel=VISITORS,BY_HITS,ASC. See
manpage for a list of panels/fields.
--static-file=<extension> - Add static file extension. e.g.: .mp3.
Extensions are case sensitive.
GeoIP Options
-g --std-geoip - Standard GeoIP database for less memory
consumption.
--geoip-database=<path> - Specify path to GeoIP database file. i.e.,
GeoLiteCity.dat, GeoIPv6.dat ...
Other Options
-h --help - This help.
-V --version - Display version information and exit.
-s --storage - Display current storage method. e.g., B+
Tree, Hash.
--dcf - Display the path of the default config
file when `-p` is not used.
Examples can be found by running `man goaccess`.
For more details visit: http://goaccess.io
GoAccess Copyright (C) 2009-2017 by Gerardo Orellana
Access logs formats
Log format | Format string |
---|---|
COMBINED (NCSA Combined Log Format) | %h %^[%d:%t %^] "%r" %s %b "%R" "%u" |
VCOMBINED (NCSA Combined Log Format with Virtual Host) | %v:%^ %h %^[%d:%t %^] "%r" %s %b "%R" "%u" |
COMMON (Common Log Format (CLF)) | %h %^[%d:%t %^] "%r" %s %b |
VCOMMON (Common Log Format (CLF) with Virtual Host) | %v:%^ %h %^[%d:%t %^] "%r" %s %b |
W3C | %d %t %^ %m %U %q %^ %^ %h %u %R %s %^ %^ %L |
SQUID (Squid Native Format) | %^ %^ %^ %v %^: %x.%^ %~%L %h %^/%s %b %m %U |
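An added example (not from the original post and not GoAccess's own parser): a small Python model of how the COMBINED format string from the table lines up with the fields of an access_log line, which helps spot lines that would not fit the chosen --log-format before running goaccess. The specifier-to-regex mapping, the strict whole-line match, the function names and the sample lines are assumptions constructed for illustration.

```python
import re

# Simplified model of GoAccess specifiers: letter -> (field name, regex).
QUOTED = r'(?:\\.|[^"\\])*'  # quoted field; tolerates Apache's \" escapes
SPEC = {
    "h": ("host", r"\S+"),
    "v": ("vhost", r"[^\s:]+"),
    "d": ("date", r"\d{2}/[A-Za-z]{3}/\d{4}"),
    "t": ("time", r"\d{2}:\d{2}:\d{2}"),
    "r": ("request", QUOTED),
    "s": ("status", r"\d{3}"),
    "b": ("bytes", r"\d+|-"),
    "R": ("referer", QUOTED),
    "u": ("agent", QUOTED),
}
COMBINED = '%h %^[%d:%t %^] "%r" %s %b "%R" "%u"'  # as listed in the table

def compile_format(fmt):
    """Translate a GoAccess log-format string into an anchored regex."""
    parts, i = [], 0
    while i < len(fmt):
        if fmt[i] == "%" and i + 1 < len(fmt):
            spec = fmt[i + 1]
            if spec == "^":  # %^ means "ignore this field"
                parts.append(r".*?")
            elif spec in SPEC:
                parts.append("(?P<%s>%s)" % SPEC[spec])
            else:
                raise ValueError(f"unsupported specifier %{spec}")
            i += 2
        else:  # literal delimiter such as space, quote or bracket
            parts.append(re.escape(fmt[i]))
            i += 1
    return re.compile("^" + "".join(parts) + "$")

def check_lines(lines, fmt):
    """Return (parsed records, rejected lines) for the given format."""
    rx, ok, bad = compile_format(fmt), [], []
    for line in lines:
        m = rx.match(line.rstrip("\n"))
        (ok if m else bad).append(m.groupdict() if m else line)
    return ok, bad

# Constructed sample lines (documentation IP ranges), not taken from the page.
SAMPLE = [
    r'192.0.2.10 - - [11/Feb/2022:11:42:01 +0900] "GET /index.html HTTP/1.1" 200 4523 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    r'198.51.100.7 - - [11/Feb/2022:11:42:05 +0900] "GET /a HTTP/1.1" 404 - "-" "agent \"with quotes\""',
    r'203.0.113.5 - - [11/Feb/2022:11:42:09 +0900] "POST /login HTTP/1.1" 302 0',
]
```

Calling `check_lines(SAMPLE, COMBINED)` parses the first two lines and rejects the third, which is in COMMON layout (no referer or user-agent fields).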
Accessing goaccess over the web
http://go.sangchul.kr