Goaccess Analysis Nginx Log

Recently want to use goaccess to analyze the Nginx log, but the Nginx log configuration format is not in accordance with the normal format, is completely in accordance with our own needs to write, so lead to goaccess analysis, need to redefine their own format But although the online introduction of goaccess, but most of them are to avoid the light, the format of the custom ignored, so I came to customize this piece, I hope to help everyone.

First, attach Goaccess's official instructions and parameters, install the official documents directly to configure the most convenient.

Http://goaccess.io/manual.php#synopsis

1. Installation

Yum install glib2 glib2-devel geoip-devel ncurses-devel

Download the source file goaccess-0.7.1.tar.gz and compile the installation

Cd/usr/local/src

TAR-ZXVF goaccess-0.7.1.tar.gz

cd/usr/local/src/goaccess-0.7.1

./configure–enalbe-geoip–enable-utf8

Make && make install

2. Below we can directly use the

Goaccess-f access.20141215-17.log-h-m-a

After entering the command, a prompt box appears, as follows:

We only need to select the format for the third row of the Nginx log, and the log format will appear with the appropriate logging formatting, which we can simply edit or re-define in our log format, and the log format is directly defined in "Date format". Below I use my nginx log format as an example to specifically introduce the next.

Nginx Log Format:

Log_format Main ' $time _local-$upstream _addr $server _addr: $server _port '
' $request _method $uri $args '
'-$remote _addr $server _protocol [$http _user_agent] [$http _cookie] $http _referer '
' $host $status 0 0 $bytes _sent $request _length 0 '
' $upstream _cache_status ';

Nginx Log content is:

10/dec/2014:16:54:59 +0800--192.168.3.124:80 get/1.html--192.168.3.123 http/1.0 [apachebench/2.3] [-]-192.168.3.1 24 200 0 0 235 87 0 "-"

My custom "Log Format" is:

%d:%^:%^:%^%^%^%^%^:%^%m%r%^%^%h%h [%u] [%^]%r%^%s%^%^%^%^%^ "%^"

Where%^ to ignore this field

%d is the day of the month

(1)%d to call the date format set in "Date format", 10/dec/2014

%d:%^:%^:%^ in the corresponding log 10/dec/2014:16:54:59

%d:%^:%^:%^%^ 10/dec/2014:16:54:59 +0800 in the corresponding log, which is the $time_local field in the configuration file

(2) All - with%^, indicating that this field is ignored, the following will not repeat

$upstream _addr with%^, indicating that this field is ignored

$server _addr: $server _port with%^:%^, which means that the two fields are ignored, keeping the colon ":" in the configuration file

(3) GET with%m, indicating $request_method, that is, Get,post,head and other methods

(4)/1.html with%r, indicating the contents of the $uri request

(5) $args with%^, which means ignoring this field

(6) 192.168.3.123 with%h, indicating $REMOTE_ADDR client IP address

(7) http/1.0 with%h, indicating $server_protocol

(8) [apachebench/2.3] with [%u], which means [$http _user_agent], keep in mind that [] in the configuration file

(9) [$http _cookie], using [%^], means ignoring this field, and keeping the [] in the configuration file

(10)-use%r to indicate $http_referer, although the content is empty, but cannot be ignored with%^ field

(11) 200 with%s, indicating $status, with a status code of 200

(12) The following fields are all ignored, with%^, note that there are several fields with a few%^, note that the "" in the retention configuration file

Above that is the $time_local field requires special attention, a few fields may lead to goaccess analysis of the log is very different, such as I have fewer fields resulting in unable to parse the file and parse out the file "Failed requests 233390" Similar to the total number of requests, affecting our analysis.

After the setup is complete, we can enter the car and let goaccess work properly:

Shortcut key Description:

Number 1-9 corresponds to 1-9 modules in turn

0 represents the 10th module

The shift+1 represents a 11th module

When the module is selected, the "O" key can be entered into the module to view the detailed content

The J and K keys are selected after entering the module, the specific line

Q Key to exit the current module and goaccess

OK, let's check it out according to our own log format. If you have unclear parameters, see the official website document description directly.

Goaccess Analysis Nginx Log