GoAccess实时分析Nginx日志

GoAccess 是一个基于终端的实时 Web 日志分析仪。用 C 语言编写，它是快速，互动的，并以优雅而直观的方式显示日志。它提供了各种 Web 日志文件的支持，包括 Apache，Nginx，Caddy，Amazon S3 和 CloudFront，仅提及几个。它可以以 HTML 格式，JSON 渲染结果，还可以生成 CSV 报告。

1. 目录准备

• 存放goaccess.conf配置文件

mkdir -p /usr/local/goaccess/data
1

• 存放goaccess生成分析html

mkdir -p /usr/local/goaccess/html
1

2. 启动nginx

• nginx中添加配置，监听7891端口

    server {
        listen      7891;
        server_name  dev.lettin.cn 114.55.42.227;
        location / {
            root   /usr/share/nginx/html;
            index  index.html;
        }
    }
1
2
3
4
5
6
7
8

• 启动nginx并挂载目录

docker run -d --net=host --name=nginx -v /usr/local/goaccess/html:/usr/share/nginx/html --restart=always nginx
1

找到日志nginx文件

我使用的docker方式运行nginx，所用是前台启动，nginx输出在控制台，需要找到docker 容器的日志文件（nginx为容器名）：

docker inspect --format='{{.LogPath}}' nginx
1

注意：每次docker run都会生成新的容器，日志文件路径会改变

3. 安装GoAccess（docker版）

goaccess.conf配置准备

放/usr/local/goaccess/data目录下
goaccess.conf配置文件下载地址：https://github.com/allinurl/goaccess/blob/master/config/goaccess.conf

• 需要修改的内容如下

time-format %H:%M:%S

date-format %d/%b/%Y

log-format %h %^ %^ [%d:%t %^] "%r" %^ %s %b "%R" "%u" "%^" "%T"
1
2
3
4
5

• 下面是我配好的（复制可用）

######################################
# Time Format Options (required)
######################################
#
# The hour (24-hour clock) [00,23]; leading zeros are permitted but not required.
# The minute [00,59]; leading zeros are permitted but not required.
# The seconds [00,60]; leading zeros are permitted but not required.
# See `man strftime` for more details
#
# The following time format works with any of the
# Apache/NGINX's log formats below.
#
time-format %H:%M:%S
#
# Google Cloud Storage or
# The time in microseconds since the Unix epoch.
#
#time-format %f

# Squid native log format
#
#time-format %s

######################################
# Date Format Options (required)
######################################
#
# The date-format variable followed by a space, specifies
# the log format date containing any combination of regular
# characters and special format specifiers. They all begin with a
# percentage (%) sign. See `man strftime`
#
# The following date format works with any of the
# Apache/NGINX's log formats below.
#
date-format %d/%b/%Y
#
# AWS | Amazon CloudFront (Download Distribution)
# AWS | Elastic Load Balancing
# W3C (IIS)
#
#date-format %Y-%m-%d
#
# Google Cloud Storage or
# The time in microseconds since the Unix epoch.
#
#date-format %f

# Squid native log format
# Caddy
#
#date-format %s

######################################
# Date/Time Format Option
######################################
#
# The datetime-format variable followed by a space, specifies
# the log format date and time containing any combination of regular
# characters and special format specifiers. They all begin with a
# percentage (%) sign. See `man strftime`
#
# This gives the ability to get the timezone from a request and
# convert it to another timezone for output. See --tz= in
# the man page.
#
#datetime-format %d/%b/%Y:%H:%M:%S %z

######################################
# Log Format Options (required)
######################################
#
# The log-format variable followed by a space or \t for
# tab-delimited, specifies the log format string.
#
# NOTE: If the time/date is a timestamp in seconds or microseconds
# %x must be used instead of %d & %t to represent the date & time.

# NCSA Combined Log Format
#log-format %h %^[%d:%t %^] "%r" %s %b "%R" "%u"
log-format {"log":"%h %^[%d:%t %^] \""%m %U %H %s %b "%R" "%u"}

# NCSA Combined Log Format with Virtual Host
#log-format %v:%^ %h %^[%d:%t %^] "%r" %s %b "%R" "%u"

# Common Log Format (CLF)
#log-format %h %^[%d:%t %^] "%r" %s %b

# Common Log Format (CLF) with Virtual Host
#log-format %v:%^ %h %^[%d:%t %^] "%r" %s %b

# W3C
#log-format %d %t %h %^ %^ %^ %^ %r %^ %s %b %^ %^ %u %R

# Squid native log format
#log-format %^ %^ %^ %v %^: %x.%^ %~%L %h %^/%s %b %m %U

# AWS | Amazon CloudFront (Download Distribution)
#log-format %d\t%t\t%^\t%b\t%h\t%m\t%^\t%r\t%s\t%R\t%u\t%^

# Google Cloud Storage
#log-format "%x","%h",%^,%^,"%m","%U","%s",%^,"%b","%D",%^,"%R","%u"

# AWS | Elastic Load Balancing
#log-format %dT%t.%^ %^ %h:%^ %^ %T %^ %^ %^ %s %^ %b "%r" "%u"

# AWSS3 | Amazon Simple Storage Service (S3)
#log-format %^[%d:%t %^] %h %^"%r" %s %^ %b %^ %L %^ "%R" "%u"

# Virtualmin Log Format with Virtual Host
#log-format %h %^ %v %^[%d:%t %^] "%r" %s %b "%R" "%u"

# Kubernetes Nginx Ingress Log Format
#log-format %^ %^ [%h] %^ %^ [%d:%t %^] "%r" %s %b "%R" "%u" %^ %^ [%v] %^:%^ %^ %T %^ %^

# CADDY JSON Structured
#log-format {ts:"%x.%^",request:{remote_ip:"%h",proto:"%H",method:"%m",host:"%v",uri:"%U",headers:{"User-Agent":["%u","%^"]},tls:{cipher_suite:"%k",proto:"%K"}},duration:"%T",size:"%b",status:"%s",resp_headers:{"Content-Type":["%M;%^"]}}

# In addition to specifying the raw log/date/time formats, for
# simplicity, any of the following predefined log format names can be
# supplied to the log/date/time-format variables. GoAccess  can  also
# handle  one  predefined name in one variable and another predefined
# name in another variable.
#
#log-format COMBINED
#log-format VCOMBINED
#log-format COMMON
#log-format VCOMMON
#log-format W3C
#log-format SQUID
#log-format CLOUDFRONT
#log-format CLOUDSTORAGE
#log-format AWSELB
#log-format AWSS3
#log-format CADDY

######################################
# UI Options
######################################

# Choose among color schemes
# 1 : Monochrome
# 2 : Green
# 3 : Monokai (if 256-colors supported)
#
#color-scheme 3

# Prompt log/date configuration window on program start.
#
config-dialog false

# Color highlight active panel.
#
hl-header true

# Specify a custom CSS file in the HTML report.
#
#html-custom-css /path/file.css

# Specify a custom JS file in the HTML report.
#
#html-custom-js /path/file.js

# Set default HTML preferences.
#
# NOTE: A valid JSON object is required.
# DO NOT USE A MULTILINE JSON OBJECT.
# The parser will only parse the value next to `html-prefs` (single line)
# It allows the ability to customize each panel plot. See example below.
#
#html-prefs {"theme":"bright","perPage":5,"layout":"horizontal","showTables":true,"visitors":{"plot":{"chartType":"bar"}}}

# Set HTML report page title and header.
#
#html-report-title My Awesome Web Stats

# Format JSON output using tabs and newlines.
#
json-pretty-print false

# Turn off colored output. This is the  default output on
# terminals that do not support colors.
# true  : for no color output
# false : use color-scheme
#
no-color false

# Don't write column names in the terminal output. By default, it displays
# column names for each available metric in every panel.
#
no-column-names false

# Disable summary metrics on the CSV output.
#
no-csv-summary false

# Disable progress metrics.
#
no-progress false

# Disable scrolling through panels on TAB.
#
no-tab-scroll false

# Disable progress metrics and parsing spinner.
#
#no-parsing-spinner true

# Do not show the last updated field displayed in the HTML generated report.
#
#no-html-last-updated true

# Outputs the report date/time data in the given timezone. Note that it
# uses the canonical timezone name. See --datetime-format in order to
# properly specify a timezone in the date/time format.
#
#tz Europe/Berlin

# Enable mouse support on main dashboard.
#
with-mouse false

# Maximum number of items to show per panel.
# Note: Only the CSV and JSON outputs allow a maximum greater than the
# default value of 366.
#
#max-items 366

# Custom colors for the terminal output
# Tailor GoAccess to suit your own tastes.
#
# Color Syntax:
# DEFINITION space/tab colorFG#:colorBG# [[attributes,] PANEL]
#
# FG# = foreground color number [-1...255] (-1 = default terminal color)
# BG# = background color number [-1...255] (-1 = default terminal color)
#
# Optionally:
#
# It is possible to apply color attributes, such as:
# bold,underline,normal,reverse,blink.
# Multiple attributes are comma separated
#
# If desired, it is possible to apply custom colors per panel, that is, a
# metric in the REQUESTS panel can be of color A, while the same metric in the
# BROWSERS panel can be of color B.
#
# The following is a 256 color scheme (hybrid palette)
#
#color COLOR_MTRC_HITS              color110:color-1
#color COLOR_MTRC_VISITORS          color173:color-1
#color COLOR_MTRC_DATA              color221:color-1
#color COLOR_MTRC_BW                color167:color-1
#color COLOR_MTRC_AVGTS             color143:color-1
#color COLOR_MTRC_CUMTS             color247:color-1
#color COLOR_MTRC_MAXTS             color186:color-1
#color COLOR_MTRC_PROT              color109:color-1
#color COLOR_MTRC_MTHD              color139:color-1
#color COLOR_MTRC_HITS_PERC         color186:color-1
#color COLOR_MTRC_HITS_PERC_MAX     color139:color-1
#color COLOR_MTRC_HITS_PERC_MAX     color139:color-1 VISITORS
#color COLOR_MTRC_HITS_PERC_MAX     color139:color-1 OS
#color COLOR_MTRC_HITS_PERC_MAX     color139:color-1 BROWSERS
#color COLOR_MTRC_HITS_PERC_MAX     color139:color-1 VISIT_TIMES
#color COLOR_MTRC_VISITORS_PERC     color186:color-1
#color COLOR_MTRC_VISITORS_PERC_MAX color139:color-1
#color COLOR_PANEL_COLS             color243:color-1
#color COLOR_BARS                   color250:color-1
#color COLOR_ERROR                  color231:color167
#color COLOR_SELECTED               color7:color167
#color COLOR_PANEL_ACTIVE           color7:color237
#color COLOR_PANEL_HEADER           color250:color235
#color COLOR_PANEL_DESC             color242:color-1
#color COLOR_OVERALL_LBLS           color243:color-1
#color COLOR_OVERALL_VALS           color167:color-1
#color COLOR_OVERALL_PATH           color186:color-1
#color COLOR_ACTIVE_LABEL           color139:color235 bold underline
#color COLOR_BG                     color250:color-1
#color COLOR_DEFAULT                color243:color-1
#color COLOR_PROGRESS               color7:color110

######################################
# Server Options
######################################

# Specify IP address to bind server to.
#
#addr 0.0.0.0

# Run GoAccess as daemon (if --real-time-html enabled).
#
#daemonize false

# Ensure clients send the specified origin header upon the WebSocket
# handshake.
#
#origin http://example.org

# The port to which the connection is being attempted to connect.
# By default GoAccess' WebSocket server listens on port 7890
# See man page or http://gwsocket.io for details.
#
#port 7890

# Write the PID to a file when used along the daemonize option.
#
#pid-file /var/run/goaccess.pid

# Enable real-time HTML output.
#
#real-time-html true

# Path to TLS/SSL certificate.
# Note that ssl-cert and ssl-key need to be used to enable TLS/SSL.
#
#ssl-cert /path/ssl/domain.crt

# Path to TLS/SSL private key.
# Note that ssl-cert and ssl-key need to be used to enable TLS/SSL.
#
#ssl-key /path/ssl/domain.key

# URL to which the WebSocket server responds. This is the URL supplied
# to the WebSocket constructor on the client side.
#
# Optionally, it is possible to specify the WebSocket URI scheme, such as ws://
# or wss:// for unencrypted and encrypted connections.
# e.g., ws-url wss://goaccess.io
#
# If GoAccess is running behind a proxy, you could set the client side
# to connect to a different port by specifying the host followed by a
# colon and the port.
# e.g., ws-url goaccess.io:9999
#
# By default, it will attempt to connect to localhost. If GoAccess is
# running on a remote server, the host of the remote server should be
# specified here. Also, make sure it is a valid host and NOT an http
# address.
#
#ws-url goaccess.io

# Path to read named pipe (FIFO).
#
#fifo-in /tmp/wspipein.fifo

# Path to write named pipe (FIFO).
#
#fifo-out /tmp/wspipeout.fifo

######################################
# File Options
######################################

# Specify the path to the input log file. If set, it will take
# priority over -f from the command line.
#
#log-file /var/log/apache2/access.log

# Send all debug messages to the specified file.
#
#debug-file debug.log

# Specify a custom configuration file to use. If set, it will take
# priority over the global configuration file (if any).
#
#config-file 

# Log invalid requests to the specified file.
#
#invalid-requests 

# Do not load the global configuration file.
#
#no-global-config false

######################################
# Parse Options
######################################

# Enable a list of user-agents by host. For faster parsing, do not
# enable this flag.
#
agent-list false

#  Enable IP resolver on HTML|JSON|CSV output.
#
with-output-resolver false

# Exclude an IPv4 or IPv6 from being counted.
# Ranges can be included as well using a dash in between
# the IPs (start-end).
#
#exclude-ip 127.0.0.1
#exclude-ip 192.168.0.1-192.168.0.100
#exclude-ip ::1
#exclude-ip 0:0:0:0:0:ffff:808:804-0:0:0:0:0:ffff:808:808

# Include HTTP request method if found. This will create a
# request key containing the request method + the actual request.
#
#  [default: yes]
#
http-method yes

# Include HTTP request protocol if found. This will create a
# request key containing the request protocol + the actual request.
#
#  [default: yes]
#
http-protocol yes

# Write  output to stdout given one of the following files and the
# corresponding extension for the output format:
#
# /path/file.csv  - Comma-separated values (CSV)
# /path/file.json - JSON (JavaScript Object Notation)
# /path/file.html - HTML
#
# output /path/file.html

# Ignore request's query string.
# i.e.,  www.google.com/page.htm?query => www.google.com/page.htm
#
# Note: Removing the query string can greatly decrease memory
# consumption, especially on timestamped requests.
#
no-query-string false

# Disable IP resolver on terminal output.
#
no-term-resolver false

# Treat non-standard status code 444 as 404.
#
444-as-404 false

# Add 4xx client errors to the unique visitors count.
#
4xx-to-unique-count false

# IP address anonymization
# The IP anonymization option sets the last octet of IPv4 user IP addresses and
# the last 80 bits of IPv6 addresses to zeros.
# e.g., 192.168.20.100 => 192.168.20.0
# e.g., 2a03:2880:2110:df07:face:b00c::1 => 2a03:2880:2110:df07::
#
#anonymize-ip false

# Include static files that contain a query string in the static files
# panel.
# e.g., /fonts/fontawesome-webfont.woff?v=4.0.3
#
all-static-files false

# Include an additional delimited list of browsers/crawlers/feeds etc.
# See config/browsers.list for an example or
# https://raw.githubusercontent.com/allinurl/goaccess/master/config/browsers.list
#
#browsers-file 

# Date specificity. Possible values: `date` (default), or `hr` or `min`.
#
#date-spec hr|min

# Decode double-encoded values.
#
double-decode false

# Enable parsing/displaying the given panel.
#
#enable-panel VISITORS
#enable-panel REQUESTS
#enable-panel REQUESTS_STATIC
#enable-panel NOT_FOUND
#enable-panel HOSTS
#enable-panel OS
#enable-panel BROWSERS
#enable-panel VISIT_TIMES
#enable-panel VIRTUAL_HOSTS
#enable-panel REFERRERS
#enable-panel REFERRING_SITES
#enable-panel KEYPHRASES
#enable-panel STATUS_CODES
#enable-panel REMOTE_USER
#enable-panel CACHE_STATUS
#enable-panel GEO_LOCATION
#enable-panel MIME_TYPE
#enable-panel TLS_TYPE

# Hide a referrer but still count it. Wild cards are allowed. i.e., *.bing.com
#
#hide-referrer *.google.com
#hide-referrer bing.com

# Hour specificity. Possible values: `hr` (default), or `min` (tenth
# of a minute).
#
#hour-spec min

# Ignore crawlers from being counted.
# This will ignore robots listed under browsers.c
# Note that it will count them towards the total
# number of requests, but excluded from any of the panels.
#
ignore-crawlers false

# Parse and display crawlers only.
# This will ignore all hosts except robots listed under browsers.c
# Note that it will count them towards the total
# number of requests, but excluded from any of the panels.
#
crawlers-only false

# Unknown browsers and OS are considered as crawlers
#
unknowns-as-crawlers false

# Ignore static file requests.
# req : Only ignore request from valid requests
# panels : Ignore request from panels.
# Note that it will count them towards the total number of requests
# ignore-statics req

# Ignore parsing and displaying the given panel.
#
#ignore-panel VISITORS
#ignore-panel REQUESTS
#ignore-panel REQUESTS_STATIC
#ignore-panel NOT_FOUND
#ignore-panel HOSTS
#ignore-panel OS
#ignore-panel BROWSERS
#ignore-panel VISIT_TIMES
#ignore-panel VIRTUAL_HOSTS
ignore-panel REFERRERS
#ignore-panel REFERRING_SITES
ignore-panel KEYPHRASES
#ignore-panel STATUS_CODES
#ignore-panel REMOTE_USER
#ignore-panel CACHE_STATUS
#ignore-panel GEO_LOCATION
#ignore-panel MIME_TYPE
#ignore-panel TLS_TYPE

# Ignore referrers from being counted.
# This supports wild cards. For instance,
# '*' matches 0 or more characters (including spaces)
# '?' matches exactly one character
#
#ignore-referrer *.domain.com
#ignore-referrer ww?.domain.*

# Ignore parsing and displaying one or multiple status code(s)
#
#ignore-status 400
#ignore-status 502

# Keep the last specified number of days in storage. This will recycle the
# storage tables. e.g., keep & show only the last 7 days.
#
# keep-last 7

# Disable client IP validation. Useful if IP addresses have been
# obfuscated before being logged.
#
# no-ip-validation true

# Number of lines from the access log to test against the provided
# log/date/time format. By default, the parser is set to test 10
# lines. If set to 0, the parser won't test  any  lines and will parse
# the whole access log.
#
#num-tests 10

# Parse log and exit without outputting data.
#
#process-and-exit false

# Display real OS names. e.g, Windows XP, Snow Leopard.
#
real-os true

# Sort panel on initial load.
# Sort options are separated by comma.
# Options are in the form: PANEL,METRIC,ORDER
#
# Available metrics:
#  BY_HITS     - Sort by hits
#  BY_VISITORS - Sort by unique visitors
#  BY_DATA     - Sort by data
#  BY_BW       - Sort by bandwidth
#  BY_AVGTS    - Sort by average time served
#  BY_CUMTS    - Sort by cumulative time served
#  BY_MAXTS    - Sort by maximum time served
#  BY_PROT     - Sort by http protocol
#  BY_MTHD     - Sort by http method
# Available orders:
#  ASC
#  DESC
#
#sort-panel VISITORS,BY_DATA,ASC
#sort-panel REQUESTS,BY_HITS,ASC
#sort-panel REQUESTS_STATIC,BY_HITS,ASC
#sort-panel NOT_FOUND,BY_HITS,ASC
#sort-panel HOSTS,BY_HITS,ASC
#sort-panel OS,BY_HITS,ASC
#sort-panel BROWSERS,BY_HITS,ASC
#sort-panel VISIT_TIMES,BY_DATA,DESC
#sort-panel VIRTUAL_HOSTS,BY_HITS,ASC
#sort-panel REFERRERS,BY_HITS,ASC
#sort-panel REFERRING_SITES,BY_HITS,ASC
#sort-panel KEYPHRASES,BY_HITS,ASC
#sort-panel STATUS_CODES,BY_HITS,ASC
#sort-panel REMOTE_USER,BY_HITS,ASC
#sort-panel CACHE_STATUS,BY_HITS,ASC
#sort-panel GEO_LOCATION,BY_HITS,ASC
#sort-panel MIME_TYPE,BY_HITS,ASC
#sort-panel TLS_TYPE,BY_HITS,ASC

# Consider the following extensions as static files
# The actual '.' is required and extensions are case sensitive
# For a full list, uncomment the less common static extensions below.
#
static-file .css
static-file .js
static-file .jpg
static-file .png
static-file .gif
static-file .ico
static-file .jpeg
static-file .pdf
static-file .csv
static-file .mpeg
static-file .mpg
static-file .swf
static-file .woff
static-file .woff2
static-file .xls
static-file .xlsx
static-file .doc
static-file .docx
static-file .ppt
static-file .pptx
static-file .txt
static-file .zip
static-file .ogg
static-file .mp3
static-file .mp4
static-file .exe
static-file .iso
static-file .gz
static-file .rar
static-file .svg
static-file .bmp
static-file .tar
static-file .tgz
static-file .tiff
static-file .tif
static-file .ttf
static-file .flv
static-file .dmg
static-file .xz
static-file .zst
#static-file .less
#static-file .ac3
#static-file .avi
#static-file .bz2
#static-file .class
#static-file .cue
#static-file .dae
#static-file .dat
#static-file .dts
#static-file .ejs
#static-file .eot
#static-file .eps
#static-file .img
#static-file .jar
#static-file .map
#static-file .mid
#static-file .midi
#static-file .ogv
#static-file .webm
#static-file .mkv
#static-file .odp
#static-file .ods
#static-file .odt
#static-file .otf
#static-file .pict
#static-file .pls
#static-file .ps
#static-file .qt
#static-file .rm
#static-file .svgz
#static-file .wav
#static-file .webp

######################################
# GeoIP Options
# Only if configured with --enable-geoip
######################################

# To feed a database either through GeoIP Legacy or GeoIP2, you need to use the
# geoip-database flag below.
#
# === GeoIP Legacy
# Legacy GeoIP has been discontinued. If your GNU+Linux distribution does not ship
# with the legacy databases, you may still be able to find them through
# different sources. Make sure to download the .dat files.
#
# Distributed with Creative Commons Attribution-ShareAlike 4.0 International License.
# https://mailfud.org/geoip-legacy/

# IPv4 Country database:
# Download the GeoIP.dat.gz
# gunzip GeoIP.dat.gz
#
# IPv4 City database:
# Download the GeoIPCity.dat.gz
# gunzip GeoIPCity.dat.gz

# Standard GeoIP database for less memory usage (GeoIP Legacy).
#
#std-geoip false

# === GeoIP2
# For GeoIP2 databases, you can use DB-IP Lite databases.
# DB-IP is licensed under a Creative Commons Attribution 4.0 International License.
# https://db-ip.com/db/lite.php

# Or you can download them from MaxMind
# https://dev.maxmind.com/geoip/geoip2/geolite2/

# For GeoIP2 City database:
# Download the GeoLite2-City.mmdb.gz
# gunzip GeoLite2-City.mmdb.gz
#
# For GeoIP2 Country database:
# Download the GeoLite2-Country.mmdb.gz
# gunzip GeoLite2-Country.mmdb.gz
#
#geoip-database /usr/local/share/GeoIP/GeoLiteCity.dat

######################################
# Persistence Options
######################################

# Path where the persisted database files are stored on disk.
# The default value is the /tmp directory.
#db-path /tmp

# Persist parsed data into disk.
#persist true

# Load previously stored data from disk.
# Database files need to exist. See `persist`.
#restore true
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756

启动GoAccess

注意挂载的日志文件

docker run -d -p 7890:7890 -m 200m\
	-v /usr/local/goaccess/data:/srv/data \
	-v /usr/local/goaccess/html:/srv/report \
	-v `docker inspect --format='{{.LogPath}}' nginx`:/srv/logs/access.log \
	--name=goaccess allinurl/goaccess --no-global-config \
	--config-file=/srv/data/goaccess.conf \
	--output=/srv/report/index.html \
	--log-file=/srv/logs/access.log \
	--real-time-html
1
2
3
4
5
6
7
8
9

打开页面

不断的刷新，界面上的数据值也会进行实时变化。

4.附录

日志格式：日志格式变量后需要跟一个​​空格​​​或​​\t制表符分隔符​​，指定日志格式字符串。

特殊字符所代表的含义

• %x：与时间格式和日期格式变量匹配的日期和时间字段。当时间戳而不是将日期和时间放在两个单独的变量中时，使用此方法；
• %t：与时间格式变量匹配的时间字段；
• %d：匹配日期格式变量的日期字段；
• %v：根据规范名称设置的服务器名称（服务器块或虚拟主机）；
• %e：请求文档时，由 HTTP 验证决定的用户 ID；
• %h：主机（客户端IP地址，IPv4 或 IPv6）
• %r：客户端的请求行。这就请求的特定分隔符（单引号，双引号等）是可解析的。否则需使用特殊的格式说明符，例如：​​%m​​​，​​%U​​​，​​%q​​​和​​%H​​​解析各个字段，既可以使用 %r 获取完整的请求，也可以使用 %m, %U, %q and %H 去组合你的请求，但是不能同时使用。
• %m：请求方法；
• %U：请求URL路径，如果查询字符串在​​%U​​​中，无需使用​​%q​​​。如果​​URL路径​​​不包含任何查询字符串，则使用​​%q​​，查询字符串将附加到请求中；
• %q：查询字符串；
• %H：请求协议；
• %s：服务器发送回客户端的状态代码；
• %b：返回给客户端对象的大小；
• %R：HTTP 请求的 “Referer” 值；
• %u：HTTP 请求的 “UserAgent” 值；
• %D：处理请求所花费的时间（以微秒为单位）；
• %T：处理请求所花费的时间（以毫秒为单位）；
• %L ：处理请求所花费的时间（以十进制数毫秒为单位）；
• %^：忽略此字段；
• %~：向前移动日志字符串，直到找到非空格（！isspace）字符；
• ~h：X-Forwarded-For（XFF）字段中的主机（客户端IP地址，IPv4或IPv6）。

goaccess的html面板解析

• General Statistics：此面板提供了几个指标的摘要，其中一些包括：有效和无效请求的数量，分析数据集所花费的时间，唯一访问者，请求的文件，静态文件（CSS，ICO，JPG等）HTTP引用，404s，已解析日志文件的大小和带宽消耗。

• Unique visitors：此面板显示点击次数，唯一身份访问者和每个日期的累积带宽等指标。包含相同IP，相同日期和相同用户代理的HTTP请求被视为唯一访问者。默认情况下，它包括网络爬虫/蜘蛛。 可以使用–date-spec = hr将日期特异性设置为小时级别，这将显示日期，例如05 / Jun / 2016：16。如果您想跟踪小时级别的每日流量，这非常棒。

• Requested files：此面板显示Web服务器上请求最多的文件。它显示了匹配，唯一身份访问者和百分比，以及累积带宽，协议和使用的请求方法。

• Requested static files：列出了最常用静态文件，如：JPG，CSS，SWF，JS，GIF，和PNG文件类型，使用相同的指标作为最后的面板一起。可以将其他静态文件添加到配置文件中。

• 404 or Not Found：显示与先前请求面板相同的指标，但是，其数据包含在服务器上找不到的所有页面，或通常称为404状态代码。

• Hosts：此面板包含有关主机本身的详细信息。这非常适合发现×××性爬虫，并确定谁在吃你的带宽。 扩展面板可以显示更多信息，例如主机的反向DNS查找结果，原产国和城市。如果-a启用了参数，则可以通过选择所需的IP地址，然后按Enter来显示用户代理列表。

• Operating Systems：此面板将报告主机在到达服务器时使用的操作系统。它试图提供每个操作系统的最具体版本。

• Browsers：此面板将报告主机在访问服务器时使用的浏览器。它试图提供每个浏览器的最具体版本。

• Visit Times：此面板将显示每小时报告。此选项显示24个数据点，每天一小时一个。 可选地，可以使用–hour-spec = min将小时特异性设置为十分之一水平，这将显示小时为16：4如果您想要发现服务器上的流量峰值，这很好。

• Virtual Hosts：此面板将显示从访问日志中解析的所有不同虚拟主机。如果在日志格式字符串中使用％v，则会显示此面板。

• Referrers URLs：如果相关主机通过其他资源访问了网站，或者是从其他主机链接/转移给您，则会在此面板中提供引用它们的网址。请参阅--ignore-panel配置文件以启用它。 （默认禁用）

• Referring Sites：此面板仅显示主机部分，但不显示整个URL。请求来自的URL。

• Keyphrases：它报告了用于Google搜索，Google缓存和Google翻译的关键字，这些关键字已导致您的网络服务器。目前，它仅通过HTTP支持Google搜索查询。请参阅--ignore-panel配置文件以启用它。 （默认禁用）

• Geo Location：确定IP地址在地理位置的位置。统计数据按大陆和国家分列。它需要使用GeoLocation支持进行编译。

• HTTP Status Codes：HTTP请求的数字状态代码的值。

• Remote User (HTTP authentication)：这是HTTP身份验证确定的请求文档的人员的用户ID。如果文档没有密码保护，则此部分将为“ - ”，就像前一个部分一样。除非%e在log-format变量中给出，否则不会启用此面板。