Goaccess analyzes nginx logs

Goaccess analyzes nginx logs

Recently, I want to use goaccess to analyze nginx logs. However, the configuration format of nginx logs is not in the normal format, and we write it according to our own requirements. As a result, goaccess cannot be analyzed, you need to redefine the format yourself. However, although there are a lot of goaccess information on the Internet, most of them just need to be avoided and the custom format is ignored, therefore, I want to help you with the customization.

First, attach the goaccess official instructions and parameter descriptions, and install the official documents directly to configure them.

Http://goaccess.io/manual.php#synopsis

1. Install

Yum install glib2 glib2-devel GeoIP-devel ncurses-devel

Download the source code file goaccess-0.7.1.tar.gz and compile and install it.

Cd/usr/local/src

Tar-zxvf goaccess-0.7.1.tar.gz

Cd/usr/local/src/goaccess-0.7.1

./Configure-enalbe-geoip-enable-utf8

Make & make install

2. Now we can use it directly.

Goaccess-f access.20141215-17.log-H-M-

After you enter the command, a prompt box appears, as shown below:

We only need to select the Format suitable for the third line of nginx logs. After selection, "Log Format" will display the corresponding Log Format, we only need to edit the log or redefine it according to the log format. The log format uses "Date FZ encoding? Http://www.bkjia.com/kf/ware/vc/ "target =" _ blank "class =" keylink "> vcm1hdKGx1tC2qNLltcS8tL/issue/cC0vt/issue + issue =" $ time_local-$ upstream_addr $ server_addr: $ server_port'
'$ Request_method $ uri $ args'
'-$ Remote_addr $ server_protocol [$ http_user_agent] [$ http_cookie] $ http_referer'
'$ Host $ status 0 0 $ bytes_sent $ request_length 0'
'"$ Upstream_cache_status "';

The nginx log Content is:

10/Dec/2014: 16: 54: 59 + 0800--192.168.3.124: 80 GET/1.html---192.168.3.123 HTTP/1.0 [apacheloud/2.3] [-]-192.168.3.124 200 0 0 235 87 0 "-"

The custom "Log Format" is:

% D: % ^: % ^ % m % r % ^ % h % H [% u] [% ^] % R % ^ % s % ^ "% ^"

% ^ Indicates that this field is ignored.

% D: year, month, and day

(1) % d is the Date Format set in the call "Date Format", 10/Dec/2014

% D: % ^ corresponding to 10/Dec/2014: 16: 54: 59 in the log

% D: % ^ corresponds to 10/Dec/2014: 16: 54: 59 + 0800 in the log, that is, the $ time_local field in the configuration file.

(2) All-% ^ Indicates that this field is ignored and will not be repeated below

$ Upstream_addr % ^ indicates ignoring this field

$ Server_addr: $ server_port % ^: % ^ indicates that the two fields are ignored. Note that the colon ":" In the configuration file is retained.

(3) GET uses % m to indicate $ request_method, that is, get, post, head, and other methods.

(4)/1.html uses % r to represent the content of the $ uri request

(5) $ args uses % ^ to ignore this field

(6) 192.168.3.123 uses % h to indicate the IP address of the $ remote_addr client.

(7) HTTP/1.0 uses % H to indicate $ server_protocol

(8) [apache.pdf/2.3] [% u] indicates [$ http_user_agent]. Note that [] in the configuration file is retained.

(9) [$ http_cookie], using [% ^], indicates ignoring this field. Note that [] in the configuration file is retained.

(10)-% R is used to indicate $ http_referer. Although the content is empty, % ^ cannot be used to ignore the field.

(11) 200% s, indicating $ status, status Code 200

(12) ignore all the following fields. Use % ^. Note that a few fields use % ^. Keep "" in the configuration file.

The preceding $ time_local field requires special attention. A small number of fields may cause a big difference in the logs analyzed by goaccess, for example, "Failed Requests 233390" in the file that cannot be analyzed because I have few fields is similar to the total number of Requests, which affects our analysis.

After setting, we can press enter to make goaccess work properly:

Shortcut Key description:

Numbers 1-9 correspond to 1-9 modules in turn

0 indicates 10th modules

Shift + 1 indicates 11th modules

After the module is selected, the "o" key can enter the module to view details.

The j and k keys are used to select a specific row from the upper and lower layers after entering the module.

Q key to exit the current module and goaccess

Now, let's check the log format. If you have any unclear parameters, go to the official website for instructions.