is a real-time web log analyzer and interactive viewer ("text-based").
| goaccess.1 (goaccess-1.7.1) | : | goaccess.1 (goaccess-1.7.2) |
|---|
| | |
| skipping to change at line 93 | | skipping to change at line 93 |
|---|
| your web server. At present, it only supports Google search queri
es via HTTP. See `--ignore- | | your web server. At present, it only supports Google search queri
es via HTTP. See `--ignore- |
| panel` in your configuration file to enable it. disabled by defau
lt. | | panel` in your configuration file to enable it. disabled by defau
lt. |
| | |
| Geo Location | | Geo Location |
| Determines where an IP address is geographically located. Statisti
cs are broken down by continent | | Determines where an IP address is geographically located. Statisti
cs are broken down by continent |
| and country. It needs to be compiled with GeoLocation support. | | and country. It needs to be compiled with GeoLocation support. |
| | |
| HTTP Status Codes | | HTTP Status Codes |
| The values of the numeric status code to HTTP requests. | | The values of the numeric status code to HTTP requests. |
| | |
|
| | ASN This panel displays ASN (Autonomous System Numbers) data for GeoIP |
| | 2 and legacy databases. Great |
| | for detecting malicious traffic and blocking accordingly. |
| | |
| Remote User (HTTP authentication) | | Remote User (HTTP authentication) |
| This is the userid of the person requesting the document as determ
ined by HTTP authentication. If | | This is the userid of the person requesting the document as determ
ined by HTTP authentication. If |
|
| the document is not password protected, this part will be "-" j
ust like the previous one. This | | the document is not password protected, this part will be "-" just
like the previous one. This |
| panel is not enabled unless %e is given within the log-format vari
able. | | panel is not enabled unless %e is given within the log-format vari
able. |
| | |
| Cache Status | | Cache Status |
|
| If you are using caching on your server, you may be at the point w | | If you are using caching on your server, you may be at the point |
| here you want to know if your | | where you want to know if your |
| request is being cached and served from the cache. This panel sh | | request is being cached and served from the cache. This panel show |
| ows the cache status of the ob- | | s the cache status of the ob- |
| ject the server served. This panel is not enabled unless %C is giv | | ject the server served. This panel is not enabled unless %C is gi |
| en within the log-format vari- | | ven within the log-format vari- |
| able. The status can be either | | able. The status can be either |
| `MISS`, `BYPASS`, `EXPIRED`, `STALE`, `UPDATING`, `REVALIDATED` o
r `HIT` | | `MISS`, `BYPASS`, `EXPIRED`, `STALE`, `UPDATING`, `REVALIDATED` o
r `HIT` |
| | |
| MIME Types | | MIME Types |
|
| This panel specifies Media Types (formerly known as MIME types) a | | This panel specifies Media Types (formerly known as MIME types) an |
| nd Media Subtypes which will be | | d Media Subtypes which will be |
| assigned and listed underneath. This panel is not enabled unless % | | assigned and listed underneath. This panel is not enabled unless |
| M is given within the log-for- | | %M is given within the log-for- |
| mat variable. See https://www.iana.org/assignments/media-types/ | | mat variable. See https://www.iana.org/assignments/media-types/me |
| media-types.xhtml for more de- | | dia-types.xhtml for more de- |
| tails. | | tails. |
| | |
| Encryption Settings | | Encryption Settings |
| This panel shows the SSL/TLS protocol used along the Cipher Suites
. This panel is not enabled un- | | This panel shows the SSL/TLS protocol used along the Cipher Suites
. This panel is not enabled un- |
| less %K is given within the log-format variable. | | less %K is given within the log-format variable. |
| | |
| NOTE: Optionally and if configured, all panels can display the average ti
me taken to serve the request. | | NOTE: Optionally and if configured, all panels can display the average ti
me taken to serve the request. |
| | |
| STORAGE | | STORAGE |
|
| There are three storage options that can be used with GoAccess. Choosin
g one will depend on your envi- | | There are three storage options that can be used with GoAccess. Choosing
one will depend on your envi- |
| ronment and needs. | | ronment and needs. |
| | |
| Default Hash Tables | | Default Hash Tables |
|
| In-memory storage provides better performance at the cost of limit
ing the dataset size to the | | In-memory storage provides better performance at the cost of l
imiting the dataset size to the |
| amount of available physical memory. GoAccess uses in-memory hash
tables. It has very good memory | | amount of available physical memory. GoAccess uses in-memory hash
tables. It has very good memory |
| usage and pretty good performance. This storage has support for on
-disk persistence. | | usage and pretty good performance. This storage has support for on
-disk persistence. |
| | |
| CONFIGURATION | | CONFIGURATION |
| Multiple options can be used to configure GoAccess. For a complete up-to-
date list of configure options, | | Multiple options can be used to configure GoAccess. For a complete up-to-
date list of configure options, |
| run ./configure --help | | run ./configure --help |
| | |
| --enable-debug | | --enable-debug |
| Compile with debugging symbols and turn off compiler optimizations
. | | Compile with debugging symbols and turn off compiler optimizations
. |
| | |
| --enable-utf8 | | --enable-utf8 |
| Compile with wide character support. Ncursesw is required. | | Compile with wide character support. Ncursesw is required. |
| | |
| --enable-geoip=<legacy|mmdb> | | --enable-geoip=<legacy|mmdb> |
|
| Compile with GeoLocation support. MaxMind's GeoIP is required. l
egacy will utilize the original | | Compile with GeoLocation support. MaxMind's GeoIP is required. le
gacy will utilize the original |
| GeoIP databases. mmdb will utilize the enhanced GeoIP2 databases. | | GeoIP databases. mmdb will utilize the enhanced GeoIP2 databases. |
| | |
| --with-getline | | --with-getline |
|
| Dynamically expands line buffer in order to parse full line reques
ts instead of using a fixed | | Dynamically expands line buffer in order to parse full line re
quests instead of using a fixed |
| size buffer of 4096. | | size buffer of 4096. |
| | |
| --with-openssl | | --with-openssl |
| Compile GoAccess with OpenSSL support for its WebSocket server. | | Compile GoAccess with OpenSSL support for its WebSocket server. |
| | |
| OPTIONS | | OPTIONS |
|
| The following options can be supplied to the command or specified in th
e configuration file. If speci- | | The following options can be supplied to the command or specified in the
configuration file. If speci- |
| fied in the configuration file, long options need to be used without prep
ending -- and without using the | | fied in the configuration file, long options need to be used without prep
ending -- and without using the |
| equal sign =. | | equal sign =. |
| | |
| LOG/DATE/TIME FORMAT | | LOG/DATE/TIME FORMAT |
| --time-format=<timeformat> | | --time-format=<timeformat> |
|
| The time-format variable followed by a space, specifies the log
format time containing either a | | The time-format variable followed by a space, specifies the log fo
rmat time containing either a |
| name of a predefined format (see options below) or any combination
of regular characters and spe- | | name of a predefined format (see options below) or any combination
of regular characters and spe- |
| cial format specifiers. | | cial format specifiers. |
| | |
| They all begin with a percentage (%) sign. See `man strftime`. %T
or %H:%M:%S. | | They all begin with a percentage (%) sign. See `man strftime`. %T
or %H:%M:%S. |
| | |
|
| Note that if a timestamp is given in microseconds, %f must be use
d as time-format. If the time- | | Note that if a timestamp is given in microseconds, %f must be used
as time-format. If the time- |
| stamp is given in milliseconds %* must be used as time-format. | | stamp is given in milliseconds %* must be used as time-format. |
| | |
| --date-format=<dateformat> | | --date-format=<dateformat> |
|
| The date-format variable followed by a space, specifies the log fo
rmat time containing either a | | The date-format variable followed by a space, specifies the log
format time containing either a |
| name of a predefined format (see options below) or any combination
of regular characters and spe- | | name of a predefined format (see options below) or any combination
of regular characters and spe- |
| cial format specifiers. | | cial format specifiers. |
| | |
| They all begin with a percentage (%) sign. See `man strftime`. %Y
-%m-%d. | | They all begin with a percentage (%) sign. See `man strftime`. %Y
-%m-%d. |
| | |
|
| Note that if a timestamp is given in microseconds, %f must be used
as date-format. If the time- | | Note that if a timestamp is given in microseconds, %f must be use
d as date-format. If the time- |
| stamp is given in milliseconds %* must be used as date-format. | | stamp is given in milliseconds %* must be used as date-format. |
| | |
| --datetime-format=<date_time_format> | | --datetime-format=<date_time_format> |
|
| The date and time format combines the two variables into a single
option. This gives the ability | | The date and time format combines the two variables into a single
option. This gives the ability |
| to get the timezone from a request and convert it to another timez
one for output. See --tz=<time- | | to get the timezone from a request and convert it to another timez
one for output. See --tz=<time- |
| zone> | | zone> |
| | |
| They all begin with a percentage (%) sign. See `man strftime`. e.g
., %d/%b/%Y:%H:%M:%S %z. | | They all begin with a percentage (%) sign. See `man strftime`. e.g
., %d/%b/%Y:%H:%M:%S %z. |
| | |
| Note that if --datetime-format is used, %x must be passed in the l
og-format variable to represent | | Note that if --datetime-format is used, %x must be passed in the l
og-format variable to represent |
| the date and time field. | | the date and time field. |
| | |
| --log-format=<logformat> | | --log-format=<logformat> |
|
| The log-format variable followed by a space or \t for tab-delimite
d, specifies the log format | | The log-format variable followed by a space or \t for tab-deli
mited, specifies the log format |
| string. | | string. |
| | |
| Note that if there are spaces within the format, the string needs
to be enclosed in single/double | | Note that if there are spaces within the format, the string needs
to be enclosed in single/double |
| quotes. Inner quotes need to be escaped. | | quotes. Inner quotes need to be escaped. |
| | |
|
| In addition to specifying the raw log/date/time formats, for simpl | | In addition to specifying the raw log/date/time formats, for s |
| icity, any of the following | | implicity, any of the following |
| predefined log format names can be supplied to the log/date/time | | predefined log format names can be supplied to the log/date/time-f |
| -format variables. GoAccess can | | ormat variables. GoAccess can |
| also handle one predefined name in one variable and another predef
ined name in another variable. | | also handle one predefined name in one variable and another predef
ined name in another variable. |
| | |
| COMBINED - Combined Log Format, | | COMBINED - Combined Log Format, |
| VCOMBINED - Combined Log Format with Virtual Host, | | VCOMBINED - Combined Log Format with Virtual Host, |
| COMMON - Common Log Format, | | COMMON - Common Log Format, |
| VCOMMON - Common Log Format with Virtual Host, | | VCOMMON - Common Log Format with Virtual Host, |
| W3C - W3C Extended Log File Format, | | W3C - W3C Extended Log File Format, |
| SQUID - Native Squid Log Format, | | SQUID - Native Squid Log Format, |
| CLOUDFRONT - Amazon CloudFront Web Distribution, | | CLOUDFRONT - Amazon CloudFront Web Distribution, |
| CLOUDSTORAGE - Google Cloud Storage, | | CLOUDSTORAGE - Google Cloud Storage, |
| AWSELB - Amazon Elastic Load Balancing, | | AWSELB - Amazon Elastic Load Balancing, |
| AWSS3 - Amazon Simple Storage Service (S3) | | AWSS3 - Amazon Simple Storage Service (S3) |
| AWSALB - Amazon Application Load Balancer | | AWSALB - Amazon Application Load Balancer |
| CADDY - Caddy's JSON Structured format | | CADDY - Caddy's JSON Structured format |
| | |
|
| Note: Piping data into GoAccess won't prompt a log/date/time confi
guration dialog, you will need | | Note: Piping data into GoAccess won't prompt a log/date/time conf
iguration dialog, you will need |
| to previously define it in your configuration file or in the comma
nd line. | | to previously define it in your configuration file or in the comma
nd line. |
| | |
| USER INTERFACE OPTIONS | | USER INTERFACE OPTIONS |
| -c --config-dialog | | -c --config-dialog |
| Prompt log/time/date configuration window on program start. Only w
hen curses is initialized. | | Prompt log/time/date configuration window on program start. Only w
hen curses is initialized. |
| | |
| -i --hl-header | | -i --hl-header |
| Color highlight active terminal panel. | | Color highlight active terminal panel. |
| | |
| -m --with-mouse | | -m --with-mouse |
| | |
| skipping to change at line 229 | | skipping to change at line 232 |
|---|
| | |
| ---color=<fg:bg[attrs, PANEL]> | | ---color=<fg:bg[attrs, PANEL]> |
| Specify custom colors for the terminal output. | | Specify custom colors for the terminal output. |
| | |
| Color Syntax | | Color Syntax |
| DEFINITION space/tab colorFG#:colorBG# [attributes,PANEL] | | DEFINITION space/tab colorFG#:colorBG# [attributes,PANEL] |
| | |
| FG# = foreground color [-1...255] (-1 = default term color) | | FG# = foreground color [-1...255] (-1 = default term color) |
| BG# = background color [-1...255] (-1 = default term color) | | BG# = background color [-1...255] (-1 = default term color) |
| | |
|
| Optionally, it is possible to apply color attributes (multiple a
ttributes are comma separated), | | Optionally, it is possible to apply color attributes (multiple att
ributes are comma separated), |
| such as: bold, underline, normal, reverse, blink | | such as: bold, underline, normal, reverse, blink |
| | |
|
| If desired, it is possible to apply custom colors per panel, that
is, a metric in the REQUESTS | | If desired, it is possible to apply custom colors per panel, th
at is, a metric in the REQUESTS |
| panel can be of color A, while the same metric in the BROWSERS pan
el can be of color B. | | panel can be of color A, while the same metric in the BROWSERS pan
el can be of color B. |
| | |
| Available color definitions: | | Available color definitions: |
| COLOR_MTRC_HITS | | COLOR_MTRC_HITS |
| COLOR_MTRC_VISITORS | | COLOR_MTRC_VISITORS |
| COLOR_MTRC_DATA | | COLOR_MTRC_DATA |
| COLOR_MTRC_BW | | COLOR_MTRC_BW |
| COLOR_MTRC_AVGTS | | COLOR_MTRC_AVGTS |
| COLOR_MTRC_CUMTS | | COLOR_MTRC_CUMTS |
| COLOR_MTRC_MAXTS | | COLOR_MTRC_MAXTS |
| | |
| skipping to change at line 267 | | skipping to change at line 270 |
|---|
| COLOR_OVERALL_VALS | | COLOR_OVERALL_VALS |
| COLOR_OVERALL_PATH | | COLOR_OVERALL_PATH |
| COLOR_ACTIVE_LABEL | | COLOR_ACTIVE_LABEL |
| COLOR_BG | | COLOR_BG |
| COLOR_DEFAULT | | COLOR_DEFAULT |
| COLOR_PROGRESS | | COLOR_PROGRESS |
| | |
| See configuration file for a sample color scheme. | | See configuration file for a sample color scheme. |
| | |
| --color-scheme=<1|2|3> | | --color-scheme=<1|2|3> |
|
| Choose among color schemes. 1 for the default grey scheme. 2 f
or the green scheme. 3 for the | | Choose among color schemes. 1 for the default grey scheme. 2 for
the green scheme. 3 for the |
| Monokai scheme (shown only if terminal supports 256 colors). | | Monokai scheme (shown only if terminal supports 256 colors). |
| | |
| --crawlers-only | | --crawlers-only |
| Parse and display only crawlers (bots). | | Parse and display only crawlers (bots). |
| | |
| --html-custom-css=<path/custom.css> | | --html-custom-css=<path/custom.css> |
| Specifies a custom CSS file path to load in the HTML report. | | Specifies a custom CSS file path to load in the HTML report. |
| | |
| --html-custom-js=<path/custom.js> | | --html-custom-js=<path/custom.js> |
| Specifies a custom JS file path to load in the HTML report. | | Specifies a custom JS file path to load in the HTML report. |
| | |
| --html-report-title=<title> | | --html-report-title=<title> |
| Set HTML report page title and header. | | Set HTML report page title and header. |
| | |
| --html-refresh=<secs> | | --html-refresh=<secs> |
|
| Refresh the HTML report every X seconds. The value has to be betwe
en 1 and 60 seconds. The de- | | Refresh the HTML report every X seconds. The value has to be be
tween 1 and 60 seconds. The de- |
| fault is set to refresh the HTML report every 1 second. | | fault is set to refresh the HTML report every 1 second. |
| | |
| --html-prefs=<JSON> | | --html-prefs=<JSON> |
|
| Set HTML report default preferences. Supply a valid JSON object c
ontaining the HTML preferences. | | Set HTML report default preferences. Supply a valid JSON object co
ntaining the HTML preferences. |
| It allows the ability to customize each panel plot. See example be
low. | | It allows the ability to customize each panel plot. See example be
low. |
| | |
| Note: The JSON object passed needs to be a one line JSON string. F
or instance, | | Note: The JSON object passed needs to be a one line JSON string. F
or instance, |
| | |
| --html-prefs='{"theme":"bright","perPage":5,"layout":"horizontal",
"showTables":true,"visitors":{"plot":{"chartType":"bar"}}}' | | --html-prefs='{"theme":"bright","perPage":5,"layout":"horizontal",
"showTables":true,"visitors":{"plot":{"chartType":"bar"}}}' |
| | |
| --json-pretty-print | | --json-pretty-print |
| Format JSON output using tabs and newlines. | | Format JSON output using tabs and newlines. |
| | |
| Note: This is not recommended when outputting a real-time HTML rep
ort since the WebSocket payload | | Note: This is not recommended when outputting a real-time HTML rep
ort since the WebSocket payload |
| will much much larger. | | will much much larger. |
| | |
| --max-items=<number> | | --max-items=<number> |
| The maximum number of items to display per panel. The maximum can
be a number between 1 and n. | | The maximum number of items to display per panel. The maximum can
be a number between 1 and n. |
| | |
|
| Note: Only the CSV and JSON output allow a maximum number greate
r than the default value of 366 | | Note: Only the CSV and JSON output allow a maximum number greater
than the default value of 366 |
| (or 50 in the real-time HTML output) items per panel. | | (or 50 in the real-time HTML output) items per panel. |
| | |
| --no-color | | --no-color |
| Turn off colored output. This is the default output on terminals t
hat do not support colors. | | Turn off colored output. This is the default output on terminals t
hat do not support colors. |
| | |
| --no-column-names | | --no-column-names |
|
| Don't write column names in the terminal output. By default, it di
splays column names for each | | Don't write column names in the terminal output. By default, it
displays column names for each |
| available metric in every panel. | | available metric in every panel. |
| | |
| --no-csv-summary | | --no-csv-summary |
| Disable summary metrics on the CSV output. | | Disable summary metrics on the CSV output. |
| | |
| --no-progress | | --no-progress |
| Disable progress metrics [total requests/requests per second]. | | Disable progress metrics [total requests/requests per second]. |
| | |
| --no-tab-scroll | | --no-tab-scroll |
|
| Disable scrolling through panels when TAB is pressed or when a pa
nel is selected using a numeric | | Disable scrolling through panels when TAB is pressed or when a pan
el is selected using a numeric |
| key. | | key. |
| | |
| --no-html-last-updated | | --no-html-last-updated |
| Do not show the last updated field displayed in the HTML generated
report. | | Do not show the last updated field displayed in the HTML generated
report. |
| | |
| --no-parsing-spinner | | --no-parsing-spinner |
| Do now show the progress metrics and parsing spinner. | | Do now show the progress metrics and parsing spinner. |
| | |
| --tz=<timezone> | | --tz=<timezone> |
|
| Ouputs the report date/time data in the given timezone. Note that | | Outputs the report date/time data in the given timezone. Note that |
| it uses the canonical timezone | | it uses the canonical timezone |
| name. e.g., Europe/Berlin or America/Chicago or Africa/Cairo | | name. e.g., Europe/Berlin or America/Chicago or Africa/Cairo If |
| If an invalid timezone name is | | an invalid timezone name is |
| given, the ouput will be in GMT. See --datetime-format in order to | | given, the output will be in GMT. See --datetime-format in order |
| properly specify a timezone in | | to properly specify a timezone |
| the date/time format. | | in the date/time format. |
| | |
| SERVER OPTIONS | | SERVER OPTIONS |
|
| Note This is just a WebSocket server to provide the raw real-time data. | | Note This is just a WebSocket server to provide the raw real-time data. |
| It is not a WebServer itself. | | It is not a WebServer itself. |
| To access your reports html file, you will still need your own HTTP serve | | To access your reports html file, you will still need your own HTTP ser |
| r, place the generated report | | ver, place the generated report |
| in it's document root dir and open the html file in your browser. The | | in it's document root dir and open the html file in your browser. The bro |
| browser will then open another | | wser will then open another |
| WebSocket-connection to the ws-server you may setup here, to keep the das
hboard up-to-date. | | WebSocket-connection to the ws-server you may setup here, to keep the das
hboard up-to-date. |
| | |
| --addr Specify IP address to bind the server to. Otherwise it binds to 0.
0.0.0. | | --addr Specify IP address to bind the server to. Otherwise it binds to 0.
0.0.0. |
| | |
|
| Usually there is no need to specify the address, unless you intent
ionally would like to bind the | | Usually there is no need to specify the address, unless you inten
tionally would like to bind the |
| server to a different address within your server. | | server to a different address within your server. |
| | |
| --daemonize | | --daemonize |
| Run GoAccess as daemon (only if --real-time-html enabled). | | Run GoAccess as daemon (only if --real-time-html enabled). |
| | |
| Note: It's important to make use of absolute paths across GoAccess
' configuration. | | Note: It's important to make use of absolute paths across GoAccess
' configuration. |
| | |
| --user-name=<username> | | --user-name=<username> |
| Run GoAccess as the specified user. | | Run GoAccess as the specified user. |
| | |
| Note: It's important to ensure the user or the users' group can ac
cess the input and output files | | Note: It's important to ensure the user or the users' group can ac
cess the input and output files |
|
| as well as any other files needed. Other groups the user belongs | | as well as any other files needed. Other groups the user belon |
| to will be ignored. As such | | gs to will be ignored. As such |
| it's advised to run GoAccess behind a SSL proxy as it's unlike | | it's advised to run GoAccess behind a SSL proxy as it's unlikely t |
| ly this user can access the SSL | | his user can access the SSL |
| certificates. | | certificates. |
| | |
| --origin=<url> | | --origin=<url> |
| Ensure clients send the specified origin header upon the WebSocket
handshake. | | Ensure clients send the specified origin header upon the WebSocket
handshake. |
| | |
| --pid-file=<path/goaccess.pid> | | --pid-file=<path/goaccess.pid> |
| Write the daemon PID to a file when used along the --daemonize opt
ion. | | Write the daemon PID to a file when used along the --daemonize opt
ion. |
| | |
| --port=<port> | | --port=<port> |
| Specify the port to use. By default GoAccess' WebSocket server lis
tens on port 7890. | | Specify the port to use. By default GoAccess' WebSocket server lis
tens on port 7890. |
| | |
| --real-time-html | | --real-time-html |
| Enable real-time HTML output. | | Enable real-time HTML output. |
| | |
|
| GoAccess uses its own WebSocket server to push the data from the
server to the client. See | | GoAccess uses its own WebSocket server to push the data fro
m the server to the client. See |
| http://gwsocket.io for more details how the WebSocket server works
. | | http://gwsocket.io for more details how the WebSocket server works
. |
| | |
| --ws-url=<[scheme://]url[:port]> | | --ws-url=<[scheme://]url[:port]> |
| URL to which the WebSocket server responds. This is the URL suppli
ed to the WebSocket constructor | | URL to which the WebSocket server responds. This is the URL suppli
ed to the WebSocket constructor |
| on the client side. | | on the client side. |
| | |
| Optionally, it is possible to specify the WebSocket URI scheme, su
ch as ws:// or wss:// for unen- | | Optionally, it is possible to specify the WebSocket URI scheme, su
ch as ws:// or wss:// for unen- |
| crypted and encrypted connections. e.g., wss://goaccess.io | | crypted and encrypted connections. e.g., wss://goaccess.io |
| | |
|
| If GoAccess is running behind a proxy, you could set the client
side to connect to a different | | If GoAccess is running behind a proxy, you could set the client si
de to connect to a different |
| port by specifying the host followed by a colon and the port. e.g
., goaccess.io:9999 | | port by specifying the host followed by a colon and the port. e.g
., goaccess.io:9999 |
| | |
| By default, it will attempt to connect to the generated report's h
ostname. If GoAccess is running | | By default, it will attempt to connect to the generated report's h
ostname. If GoAccess is running |
| on a remote server, the host of the remote server should be specif
ied here. Also, make sure it is | | on a remote server, the host of the remote server should be specif
ied here. Also, make sure it is |
| a valid host and NOT an http address. | | a valid host and NOT an http address. |
| | |
| --ping-interval=<secs> | | --ping-interval=<secs> |
|
| Enable WebSocket ping with specified interval in seconds. This he
lps prevent idle connections | | Enable WebSocket ping with specified interval in seconds. This
helps prevent idle connections |
| getting disconnected. | | getting disconnected. |
| | |
| --fifo-in=<path/file> | | --fifo-in=<path/file> |
| Creates a named pipe (FIFO) that reads from on the given path/file
. | | Creates a named pipe (FIFO) that reads from on the given path/file
. |
| | |
| --fifo-out=<path/file> | | --fifo-out=<path/file> |
| Creates a named pipe (FIFO) that writes to the given path/file. | | Creates a named pipe (FIFO) that writes to the given path/file. |
| | |
| --ssl-cert=<cert.crt> | | --ssl-cert=<cert.crt> |
|
| Path to TLS/SSL certificate. In order to enable TLS/SSL support
, GoAccess requires that --ssl- | | Path to TLS/SSL certificate. In order to enable TLS/SSL support, G
oAccess requires that --ssl- |
| cert and --ssl-key are used. | | cert and --ssl-key are used. |
| | |
| Only if configured using --with-openssl | | Only if configured using --with-openssl |
| | |
| --ssl-key=<priv.key> | | --ssl-key=<priv.key> |
|
| Path to TLS/SSL private key. In order to enable TLS/SSL support, G
oAccess requires that --ssl- | | Path to TLS/SSL private key. In order to enable TLS/SSL support
, GoAccess requires that --ssl- |
| cert and --ssl-key are used. | | cert and --ssl-key are used. |
| | |
| Only if configured using --with-openssl | | Only if configured using --with-openssl |
| | |
| FILE OPTIONS | | FILE OPTIONS |
| - The log file to parse is read from stdin. | | - The log file to parse is read from stdin. |
| | |
| -f --log-file=<logfile> | | -f --log-file=<logfile> |
|
| Specify the path to the input log file. If set in the config file
, it will take priority over -f | | Specify the path to the input log file. If set in the config file,
it will take priority over -f |
| from the command line. | | from the command line. |
| | |
| -S --log-size=<bytes> | | -S --log-size=<bytes> |
| Specify the log size in bytes. This is useful when piping in logs
for processing in which the log | | Specify the log size in bytes. This is useful when piping in logs
for processing in which the log |
| size can be explicitly set. | | size can be explicitly set. |
| | |
| -l --debug-file=<debugfile> | | -l --debug-file=<debugfile> |
| Send all debug messages to the specified file. | | Send all debug messages to the specified file. |
| | |
| -p --config-file=<configfile> | | -p --config-file=<configfile> |
| Specify a custom configuration file to use. If set, it will take p
riority over the global config- | | Specify a custom configuration file to use. If set, it will take p
riority over the global config- |
| uration file (if any). | | uration file (if any). |
| | |
|
| | --external-assets |
| | Output HTML assets to external JS/CSS files. Great if you are set |
| | ting up Content Security Policy |
| | (CSP). This will create two separate files, goaccess.js and goacce |
| | ss.css , in the same directory |
| | as your report.html file. |
| | |
| --invalid-requests=<filename> | | --invalid-requests=<filename> |
| Log invalid requests to the specified file. | | Log invalid requests to the specified file. |
| | |
| --unknowns-log=<filename> | | --unknowns-log=<filename> |
| Log unknown browsers and OSs to the specified file. | | Log unknown browsers and OSs to the specified file. |
| | |
| --no-global-config | | --no-global-config |
|
| Do not load the global configuration file. This directory should n | | Do not load the global configuration file. This directory should |
| ormally be /usr/local/etc, un- | | normally be /usr/local/etc, un- |
| less specified with --sysconfdir=/dir. See --dcf option for fi | | less specified with --sysconfdir=/dir. See --dcf option for findi |
| nding the default configuration | | ng the default configuration |
| file. | | file. |
| | |
| PARSE OPTIONS | | PARSE OPTIONS |
| -a --agent-list | | -a --agent-list |
| Enable a list of user-agents by host. For faster parsing, do not e
nable this flag. | | Enable a list of user-agents by host. For faster parsing, do not e
nable this flag. |
| | |
| -d --with-output-resolver | | -d --with-output-resolver |
| Enable IP resolver on HTML|JSON output. | | Enable IP resolver on HTML|JSON output. |
| | |
| -e --exclude-ip=<IP|IP-range> | | -e --exclude-ip=<IP|IP-range> |
|
| Exclude an IPv4 or IPv6 from being counted. Ranges can be include
d as well using a dash in be- | | Exclude an IPv4 or IPv6 from being counted. Ranges can be inclu
ded as well using a dash in be- |
| tween the IPs (start-end). | | tween the IPs (start-end). |
| | |
| Examples: | | Examples: |
| exclude-ip 127.0.0.1 | | exclude-ip 127.0.0.1 |
| exclude-ip 192.168.0.1-192.168.0.100 | | exclude-ip 192.168.0.1-192.168.0.100 |
| exclude-ip ::1 | | exclude-ip ::1 |
| exclude-ip 0:0:0:0:0:ffff:808:804-0:0:0:0:0:ffff:808:808 | | exclude-ip 0:0:0:0:0:ffff:808:804-0:0:0:0:0:ffff:808:808 |
| | |
| -H --http-protocol=<yes|no> | | -H --http-protocol=<yes|no> |
| Set/unset HTTP request protocol. This will create a request key co
ntaining the request protocol + | | Set/unset HTTP request protocol. This will create a request key co
ntaining the request protocol + |
| the actual request. | | the actual request. |
| | |
| -M --http-method=<yes|no> | | -M --http-method=<yes|no> |
| Set/unset HTTP request method. This will create a request key cont
aining the request method + the | | Set/unset HTTP request method. This will create a request key cont
aining the request method + the |
| actual request. | | actual request. |
| | |
| -o --output=<path/file.[json|csv|html]> | | -o --output=<path/file.[json|csv|html]> |
|
| Write output to stdout given one of the following files and the
corresponding extension for the | | Write output to stdout given one of the following files and the co
rresponding extension for the |
| output format: | | output format: |
| | |
| /path/file.csv - Comma-separated values (CSV) | | /path/file.csv - Comma-separated values (CSV) |
| /path/file.json - JSON (JavaScript Object Notation) | | /path/file.json - JSON (JavaScript Object Notation) |
| /path/file.html - HTML | | /path/file.html - HTML |
| | |
| -q --no-query-string | | -q --no-query-string |
| Ignore request's query string. i.e., www.google.com/page.htm?query
=> www.google.com/page.htm. | | Ignore request's query string. i.e., www.google.com/page.htm?query
=> www.google.com/page.htm. |
| | |
|
| Note: Removing the query string can greatly decrease memory consu
mption, especially on times- | | Note: Removing the query string can greatly decrease memory co
nsumption, especially on times- |
| tamped requests. | | tamped requests. |
| | |
| -r --no-term-resolver | | -r --no-term-resolver |
| Disable IP resolver on terminal output. | | Disable IP resolver on terminal output. |
| | |
| --444-as-404 | | --444-as-404 |
| Treat non-standard status code 444 as 404. | | Treat non-standard status code 444 as 404. |
| | |
| --4xx-to-unique-count | | --4xx-to-unique-count |
| Add 4xx client errors to the unique visitors count. | | Add 4xx client errors to the unique visitors count. |
| | |
| --anonymize-ip | | --anonymize-ip |
|
| Anonymize the client IP address. The IP anonymization option sets | | Anonymize the client IP address. The IP anonymization option sets |
| the last octet of IPv4 user IP | | the last octet of IPv4 user IP |
| addresses and the last 80 bits of IPv6 addresses to zeros. e.g., | | addresses and the last 80 bits of IPv6 addresses to zeros. e.g., |
| 192.168.20.100 => 192.168.20.0 | | 192.168.20.100 => 192.168.20.0 |
| e.g., 2a03:2880:2110:df07:face:b00c::1 => 2a03:2880:2110:df07:: | | e.g., 2a03:2880:2110:df07:face:b00c::1 => 2a03:2880:2110:df07:: |
| | |
| --anonymize-level | | --anonymize-level |
| Specifies the anonymization levels: 1 => default, 2 => strong, 3 =
> pedantic. | | Specifies the anonymization levels: 1 => default, 2 => strong, 3 =
> pedantic. |
| | |
| ┌────────────┬─────────┬─────────┬─────────┐ | | ┌────────────┬─────────┬─────────┬─────────┐ |
| │Bits-hidden │ Level 1 │ Level 2 │ Level 3 │ | | │Bits-hidden │ Level 1 │ Level 2 │ Level 3 │ |
| ├────────────┼─────────┼─────────┼─────────┤ | | ├────────────┼─────────┼─────────┼─────────┤ |
| │IPv4 │ 8 │ 16 │ 24 │ | | │IPv4 │ 8 │ 16 │ 24 │ |
| ├────────────┼─────────┼─────────┼─────────┤ | | ├────────────┼─────────┼─────────┼─────────┤ |
| │IPv6 │ 64 │ 80 │ 96 │ | | │IPv6 │ 64 │ 80 │ 96 │ |
| └────────────┴─────────┴─────────┴─────────┘ | | └────────────┴─────────┴─────────┴─────────┘ |
| | |
| --all-static-files | | --all-static-files |
| Include static files that contain a query string. e.g., /fonts/fon
tawesome-webfont.woff?v=4.0.3 | | Include static files that contain a query string. e.g., /fonts/fon
tawesome-webfont.woff?v=4.0.3 |
| | |
| --browsers-file=<path> | | --browsers-file=<path> |
|
| By default GoAccess parses an "essential/basic" curated list of b
rowsers & crawlers. If you need | | By default GoAccess parses an "essential/basic" curated list of br
owsers & crawlers. If you need |
| to add additional browsers, use this option. Include an
additional delimited list of | | to add additional browsers, use this option. Include an
additional delimited list of |
|
| browsers/crawlers/feeds etc. See config/browsers.list for an exa
mple or https://raw.githubuser- | | browsers/crawlers/feeds etc. See config/browsers.list for an exam
ple or https://raw.githubuser- |
| content.com/allinurl/goaccess/master/config/browsers.list | | content.com/allinurl/goaccess/master/config/browsers.list |
| | |
| --date-spec=<date|hr|min> | | --date-spec=<date|hr|min> |
|
| Set the date specificity to either date (default), hr to display h
ours or min to display minutes | | Set the date specificity to either date (default), hr to display
hours or min to display minutes |
| appended to the date. | | appended to the date. |
| | |
|
| This is used in the visitors panel. It's useful for tracking visi | | This is used in the visitors panel. It's useful for tracking visit |
| tors at the hour level. For in- | | ors at the hour level. For in- |
| stance, an hour specificity would yield to display traffic as 18/ | | stance, an hour specificity would yield to display traffic as |
| Dec/2010:19 or minute speci- | | 18/Dec/2010:19 or minute speci- |
| ficity 18/Dec/2010:19:59. | | ficity 18/Dec/2010:19:59. |
| | |
| --double-decode | | --double-decode |
| Decode double-encoded values. This includes, user-agent, request,
and referrer. | | Decode double-encoded values. This includes, user-agent, request,
and referrer. |
| | |
| --enable-panel=<PANEL> | | --enable-panel=<PANEL> |
| Enable parsing and displaying the given panel. | | Enable parsing and displaying the given panel. |
| | |
| Available panels: | | Available panels: |
| VISITORS | | VISITORS |
| | |
| skipping to change at line 547 | | skipping to change at line 555 |
|---|
| REFERRING_SITES | | REFERRING_SITES |
| KEYPHRASES | | KEYPHRASES |
| STATUS_CODES | | STATUS_CODES |
| REMOTE_USER | | REMOTE_USER |
| CACHE_STATUS | | CACHE_STATUS |
| GEO_LOCATION | | GEO_LOCATION |
| MIME_TYPE | | MIME_TYPE |
| TLS_TYPE | | TLS_TYPE |
| | |
| --fname-as-vhost=<regex> | | --fname-as-vhost=<regex> |
|
| Use log filename(s) as virtual host(s). POSIX regex is passed t | | Use log filename(s) as virtual host(s). POSIX regex is passed to e |
| o extract the virtual host from | | xtract the virtual host from |
| the filename. e.g., --fname-as-vhost='[a-z]*.[a-z]*' can be used t | | the filename. e.g., --fname-as-vhost='[a-z]*.[a-z]*' can be use |
| o extract awesome.com.log => | | d to extract awesome.com.log => |
| awesome.com. | | awesome.com. |
| | |
| --hide-referrer=<NEEDLE> | | --hide-referrer=<NEEDLE> |
| Hide a referrer but still count it. Wild cards are allowed in the
needle. i.e., *.bing.com. | | Hide a referrer but still count it. Wild cards are allowed in the
needle. i.e., *.bing.com. |
| | |
| --hour-spec=<hr|min> | | --hour-spec=<hr|min> |
| Set the time specificity to either hour (default) or min to displa
y the tenth of an hour appended | | Set the time specificity to either hour (default) or min to displa
y the tenth of an hour appended |
| to the hour. | | to the hour. |
| | |
|
| This is used in the time distribution panel. It's useful for track
ing peaks of traffic on your | | This is used in the time distribution panel. It's useful for tr
acking peaks of traffic on your |
| server at specific times. | | server at specific times. |
| | |
| --ignore-crawlers | | --ignore-crawlers |
| Ignore crawlers from being counted. | | Ignore crawlers from being counted. |
| | |
| --unknowns-as-crawlers | | --unknowns-as-crawlers |
| Classify unknown OS and browsers as crawlers. | | Classify unknown OS and browsers as crawlers. |
| | |
| --ignore-panel=<PANEL> | | --ignore-panel=<PANEL> |
| Ignore parsing and displaying the given panel. | | Ignore parsing and displaying the given panel. |
| | |
| skipping to change at line 591 | | skipping to change at line 599 |
|---|
| REFERRING_SITES | | REFERRING_SITES |
| KEYPHRASES | | KEYPHRASES |
| STATUS_CODES | | STATUS_CODES |
| REMOTE_USER | | REMOTE_USER |
| CACHE_STATUS | | CACHE_STATUS |
| GEO_LOCATION | | GEO_LOCATION |
| MIME_TYPE | | MIME_TYPE |
| TLS_TYPE | | TLS_TYPE |
| | |
| --ignore-referrer=<referrer> | | --ignore-referrer=<referrer> |
|
| Ignore referers from being counted. Wildcards allowed. e.g., *.dom
ain.com ww?.domain.* | | Ignore referrers from being counted. Wildcards allowed. e.g., *.do
main.com ww?.domain.* |
| | |
| --ignore-statics=<req|panel> | | --ignore-statics=<req|panel> |
| Ignore static file requests. | | Ignore static file requests. |
| | |
| req | | req |
| Only ignore request from valid requests | | Only ignore request from valid requests |
| | |
| panels | | panels |
| Ignore request from panels. | | Ignore request from panels. |
| | |
| Note that it will count them towards the total number of request
s | | Note that it will count them towards the total number of request
s |
| | |
| --ignore-status=<CODE> | | --ignore-status=<CODE> |
| Ignore parsing and displaying one or multiple status code(s). For
multiple status codes, use this | | Ignore parsing and displaying one or multiple status code(s). For
multiple status codes, use this |
| option multiple times. | | option multiple times. |
| | |
| --keep-last=<num_days> | | --keep-last=<num_days> |
|
| Keep the last specified number of days in storage. This will recyc
le the storage tables. e.g., | | Keep the last specified number of days in storage. This will re
cycle the storage tables. e.g., |
| keep & show only the last 7 days. | | keep & show only the last 7 days. |
| | |
| --no-ip-validation | | --no-ip-validation |
|
| Disable client IP validation. Useful if IP addresses have been | | Disable client IP validation. Useful if IP addresses have been obf |
| obfuscated before being logged. | | uscated before being logged. |
| The log still needs to contain a placeholder for %h usuall | | The log still needs to contain a placeholder for %h usua |
| y it's a resolved IP. e.g. | | lly it's a resolved IP. e.g. |
| ord37s19-in-f14.1e100.net. | | ord37s19-in-f14.1e100.net. |
| | |
| --no-strict-status | | --no-strict-status |
|
| Disable HTTP status code validation. Some servers would record
this value only if a connection | | Disable HTTP status code validation. Some servers would record thi
s value only if a connection |
| was established to the target and the target sent a response. Oth
erwise, it could be recorded as | | was established to the target and the target sent a response. Oth
erwise, it could be recorded as |
| -. | | -. |
| | |
| --num-tests=<number> | | --num-tests=<number> |
|
| Number of lines from the access log to test against the provid | | Number of lines from the access log to test against the provided |
| ed log/date/time format. By de- | | log/date/time format. By de- |
| fault, the parser is set to test 10 lines. If set to 0, the parser | | fault, the parser is set to test 10 lines. If set to 0, the parse |
| won't test any lines and will | | r won't test any lines and will |
| parse the whole access log. If a line matches the given log/dat | | parse the whole access log. If a line matches the given log/date/t |
| e/time format before it reaches | | ime format before it reaches |
| <number>, the parser will consider the log to be valid, otherwise
GoAccess will return EXIT_FAIL- | | <number>, the parser will consider the log to be valid, otherwise
GoAccess will return EXIT_FAIL- |
| URE and display the relevant error messages. | | URE and display the relevant error messages. |
| | |
| --process-and-exit | | --process-and-exit |
|
| Parse log and exit without outputting data. Useful if we are look
ing to only add new data to the | | Parse log and exit without outputting data. Useful if we are looki
ng to only add new data to the |
| on-disk database without outputting to a file or a terminal. | | on-disk database without outputting to a file or a terminal. |
| | |
| --real-os | | --real-os |
| Display real OS names. e.g, Windows XP, Snow Leopard. | | Display real OS names. e.g, Windows XP, Snow Leopard. |
| | |
| --sort-panel=<PANEL,FIELD,ORDER> | | --sort-panel=<PANEL,FIELD,ORDER> |
|
| Sort panel on initial load. Sort options are separated by comma
. Options are in the form: | | Sort panel on initial load. Sort options are separated by
comma. Options are in the form: |
| PANEL,METRIC,ORDER | | PANEL,METRIC,ORDER |
| | |
| Available metrics: | | Available metrics: |
| BY_HITS - Sort by hits | | BY_HITS - Sort by hits |
| BY_VISITORS - Sort by unique visitors | | BY_VISITORS - Sort by unique visitors |
| BY_DATA - Sort by data | | BY_DATA - Sort by data |
| BY_BW - Sort by bandwidth | | BY_BW - Sort by bandwidth |
| BY_AVGTS - Sort by average time served | | BY_AVGTS - Sort by average time served |
| BY_CUMTS - Sort by cumulative time served | | BY_CUMTS - Sort by cumulative time served |
| BY_MAXTS - Sort by maximum time served | | BY_MAXTS - Sort by maximum time served |
| | |
| skipping to change at line 666 | | skipping to change at line 674 |
|---|
| Add static file extension. e.g.: .mp3 Extensions are case sensitiv
e. | | Add static file extension. e.g.: .mp3 Extensions are case sensitiv
e. |
| | |
| GEOLOCATION OPTIONS | | GEOLOCATION OPTIONS |
| -g --std-geoip | | -g --std-geoip |
| Standard GeoIP database for less memory usage. | | Standard GeoIP database for less memory usage. |
| | |
| --geoip-database=<geofile> | | --geoip-database=<geofile> |
| Specify path to GeoIP database file. i.e., GeoLiteCity.dat. | | Specify path to GeoIP database file. i.e., GeoLiteCity.dat. |
| | |
| If using GeoIP2, you will need to download the GeoLite2 City or Co
untry database from MaxMind.com | | If using GeoIP2, you will need to download the GeoLite2 City or Co
untry database from MaxMind.com |
|
| and use the option --geoip-database to specify the database. You c
an also get updated database | | and use the option --geoip-database to specify the database. Yo
u can also get updated database |
| files for GeoIP legacy, you can find these as GeoLite Legacy Datab
ases from MaxMind.com. IPv4 and | | files for GeoIP legacy, you can find these as GeoLite Legacy Datab
ases from MaxMind.com. IPv4 and |
| IPv6 files are supported as well. For updated DB URLs, please see
the default GoAccess configura- | | IPv6 files are supported as well. For updated DB URLs, please see
the default GoAccess configura- |
| tion file. | | tion file. |
| | |
| Note: --geoip-city-data is an alias of --geoip-database. | | Note: --geoip-city-data is an alias of --geoip-database. |
| | |
| OTHER OPTIONS | | OTHER OPTIONS |
| -h --help | | -h --help |
| The help. | | The help. |
| | |
| | |
| skipping to change at line 700 | | skipping to change at line 708 |
|---|
| --restore | | --restore |
| Load previously stored data from disk. If reading persisted data o
nly, the database files need to | | Load previously stored data from disk. If reading persisted data o
nly, the database files need to |
| exist. See --persist and examples below. | | exist. See --persist and examples below. |
| | |
| --db-path=<dir> | | --db-path=<dir> |
| Path where the on-disk database files are stored. The default valu
e is the /tmp directory. | | Path where the on-disk database files are stored. The default valu
e is the /tmp directory. |
| | |
| CUSTOM LOG/DATE FORMAT | | CUSTOM LOG/DATE FORMAT |
| GoAccess can parse virtually any web log format. | | GoAccess can parse virtually any web log format. |
| | |
|
| Predefined options include, Common Log Format (CLF), Combined Log Form
at (XLF/ELF), including virtual | | Predefined options include, Common Log Format (CLF), Combined Log Format
(XLF/ELF), including virtual |
| host, Amazon CloudFront (Download Distribution), Google Cloud Storage and
W3C format (IIS). | | host, Amazon CloudFront (Download Distribution), Google Cloud Storage and
W3C format (IIS). |
| | |
| GoAccess allows any custom format string as well. | | GoAccess allows any custom format string as well. |
| | |
| There are two ways to configure the log format. The easiest is to run Go
Access with -c to prompt a con- | | There are two ways to configure the log format. The easiest is to run Go
Access with -c to prompt a con- |
| figuration window. Otherwise, it can be configured under ~/.goaccessrc or
the %sysconfdir%. | | figuration window. Otherwise, it can be configured under ~/.goaccessrc or
the %sysconfdir%. |
| | |
| time-format | | time-format |
| The time-format variable followed by a space, specifies the log fo
rmat time containing any combi- | | The time-format variable followed by a space, specifies the log fo
rmat time containing any combi- |
| nation of regular characters and special format specifiers. They
all begin with a percentage (%) | | nation of regular characters and special format specifiers. They
all begin with a percentage (%) |
| sign. See `man strftime`. %T or %H:%M:%S. | | sign. See `man strftime`. %T or %H:%M:%S. |
| | |
|
| Note: If a timestamp is given in microseconds, %f must be used as
time-format or %* if the time- | | Note: If a timestamp is given in microseconds, %f must be used as
time-format or %* if the time- |
| stamp is given in milliseconds. | | stamp is given in milliseconds. |
| | |
| date-format | | date-format |
| The date-format variable followed by a space, specifies the log fo
rmat date containing any combi- | | The date-format variable followed by a space, specifies the log fo
rmat date containing any combi- |
|
| nation of regular characters and special format specifiers. They
all begin with a percentage (%) | | nation of regular characters and special format specifiers. They a
ll begin with a percentage (%) |
| sign. See `man strftime`. e.g., %Y-%m-%d. | | sign. See `man strftime`. e.g., %Y-%m-%d. |
| | |
|
| Note: If a timestamp is given in microseconds, %f must be used as
date-format or %* if the time- | | Note: If a timestamp is given in microseconds, %f must be used as
date-format or %* if the time- |
| stamp is given in milliseconds. | | stamp is given in milliseconds. |
| | |
| log-format | | log-format |
| The log-format variable followed by a space or \t , specifies the
log format string. | | The log-format variable followed by a space or \t , specifies the
log format string. |
| | |
| %x A date and time field matching the time-format and date-format var
iables. This is used when given | | %x A date and time field matching the time-format and date-format var
iables. This is used when given |
|
| a timestamp or the date & time are concatenated as a single
string (e.g., 1501647332 or | | a timestamp or the date & time are concatenated as a sin
gle string (e.g., 1501647332 or |
| 20170801235000) instead of the date and time being in two separate
d variables. | | 20170801235000) instead of the date and time being in two separate
d variables. |
| | |
| %t time field matching the time-format variable. | | %t time field matching the time-format variable. |
| | |
| %d date field matching the date-format variable. | | %d date field matching the date-format variable. |
| | |
| %v The canonical Server Name of the server serving the request (Virtu
al Host). | | %v The canonical Server Name of the server serving the request (Virtu
al Host). |
| | |
| %e This is the userid of the person requesting the document as determ
ined by HTTP authentication. | | %e This is the userid of the person requesting the document as determ
ined by HTTP authentication. |
| | |
| %C The cache status of the object the server served. | | %C The cache status of the object the server served. |
| | |
| %h host (the client IP address, either IPv4 or IPv6) | | %h host (the client IP address, either IPv4 or IPv6) |
| | |
| %r The request line from the client. This requires specific delimiter
s around the request (as single | | %r The request line from the client. This requires specific delimiter
s around the request (as single |
|
| quotes, double quotes, or anything else) to be parsable. If not, w
e have to use a combination of | | quotes, double quotes, or anything else) to be parsable. If not,
we have to use a combination of |
| special format specifiers as %m %U %H. | | special format specifiers as %m %U %H. |
| | |
| %q The query string. | | %q The query string. |
| | |
| %m The request method. | | %m The request method. |
| | |
| %U The URL path requested. | | %U The URL path requested. |
| | |
|
| Note: If the query string is in %U, there is no need to use %q. | | Note: If the query string is in %U, there is no need to use %q. H |
| However, if the URL path, does | | owever, if the URL path, does |
| not include any query string, you may use %q and the query string | | not include any query string, you may use %q and the query str |
| will be appended to the re- | | ing will be appended to the re- |
| quest. | | quest. |
| | |
| %H The request protocol. | | %H The request protocol. |
| | |
| %s The status code that the server sends back to the client. | | %s The status code that the server sends back to the client. |
| | |
| %b The size of the object returned to the client. | | %b The size of the object returned to the client. |
| | |
| %R The "Referrer" HTTP request header. | | %R The "Referrer" HTTP request header. |
| | |
| | |
| skipping to change at line 787 | | skipping to change at line 795 |
|---|
| %L The time taken to serve the request, in milliseconds as a decimal
number. | | %L The time taken to serve the request, in milliseconds as a decimal
number. |
| | |
| %n The time taken to serve the request, in nanoseconds. | | %n The time taken to serve the request, in nanoseconds. |
| | |
| %^ Ignore this field. | | %^ Ignore this field. |
| | |
| %~ Move forward through the log string until a non-space (!isspace) c
har is found. | | %~ Move forward through the log string until a non-space (!isspace) c
har is found. |
| | |
| ~h The host (the client IP address, either IPv4 or IPv6) in a X-Forwa
rded-For (XFF) field. | | ~h The host (the client IP address, either IPv4 or IPv6) in a X-Forwa
rded-For (XFF) field. |
| | |
|
| It uses a special specifier which consists of a tilde before the
host specifier, followed by the | | It uses a special specifier which consists of a tilde before the h
ost specifier, followed by the |
| character(s) that delimit the XFF field, which are enclosed by cur
ly braces. i.e., "~h{, } | | character(s) that delimit the XFF field, which are enclosed by cur
ly braces. i.e., "~h{, } |
| | |
|
| For example, "~h{, }" is used in order to parse "11.25.11.53, 17.6
8.33.17" field which is delim- | | For example, "~h{, }" is used in order to parse "11.25.11.53, 17.
68.33.17" field which is delim- |
| ited by a comma and a space (enclosed by double quotes). | | ited by a comma and a space (enclosed by double quotes). |
| | |
| ┌─────────────────────────────────────┬───────────┐ | | ┌─────────────────────────────────────┬───────────┐ |
| │XFF field │ specifier │ | | │XFF field │ specifier │ |
| ├─────────────────────────────────────┼───────────┤ | | ├─────────────────────────────────────┼───────────┤ |
| │"192.1.2.3, 192.68.33.17, 192.1.1.2" │ "~h{, }" │ | | │"192.1.2.3, 192.68.33.17, 192.1.1.2" │ "~h{, }" │ |
| ├─────────────────────────────────────┼───────────┤ | | ├─────────────────────────────────────┼───────────┤ |
| │"192.1.2.12", "192.68.33.17" │ ~h{", } │ | | │"192.1.2.12", "192.68.33.17" │ ~h{", } │ |
| ├─────────────────────────────────────┼───────────┤ | | ├─────────────────────────────────────┼───────────┤ |
| │192.1.2.12, 192.68.33.17 │ ~h{, } │ | | │192.1.2.12, 192.68.33.17 │ ~h{, } │ |
| ├─────────────────────────────────────┼───────────┤ | | ├─────────────────────────────────────┼───────────┤ |
| │192.1.2.14 192.68.33.17 192.1.1.2 │ ~h{ } │ | | │192.1.2.14 192.68.33.17 192.1.1.2 │ ~h{ } │ |
| └─────────────────────────────────────┴───────────┘ | | └─────────────────────────────────────┴───────────┘ |
| | |
|
| Note: In order to get the average, cumulative and maximum time serve | | Note: In order to get the average, cumulative and maximum time served in |
| d in GoAccess, you will need to | | GoAccess, you will need to |
| start logging response times in your web server. In Nginx you can add $re | | start logging response times in your web server. In Nginx you can add $r |
| quest_time to your log format, | | equest_time to your log format, |
| or %D in Apache. | | or %D in Apache. |
| | |
|
| Important: If multiple time served specifiers are used at the same time
, the first option specified in | | Important: If multiple time served specifiers are used at the same time,
the first option specified in |
| the format string will take priority over the other specifiers. | | the format string will take priority over the other specifiers. |
| | |
| GoAccess requires the following fields: | | GoAccess requires the following fields: |
| | |
| %h a valid IPv4/6 | | %h a valid IPv4/6 |
| | |
| %d a valid date | | %d a valid date |
| | |
| %r the request | | %r the request |
| | |
| | |
| skipping to change at line 885 | | skipping to change at line 893 |
|---|
| | |
| To generate a CSV file: | | To generate a CSV file: |
| | |
| # goaccess access.log --no-csv-summary -o report.csv | | # goaccess access.log --no-csv-summary -o report.csv |
| | |
| GoAccess also allows great flexibility for real-time filtering and parsin
g. For instance, to quickly di- | | GoAccess also allows great flexibility for real-time filtering and parsin
g. For instance, to quickly di- |
| agnose issues by monitoring logs since goaccess was started: | | agnose issues by monitoring logs since goaccess was started: |
| | |
| # tail -f access.log | goaccess - | | # tail -f access.log | goaccess - |
| | |
|
| And even better, to filter while maintaining opened a pipe to preserve re
al-time analysis, we can make | | And even better, to filter while maintaining opened a pipe to preserve
real-time analysis, we can make |
| use of tail -f and a matching pattern tool such as grep, awk, sed, etc: | | use of tail -f and a matching pattern tool such as grep, awk, sed, etc: |
| | |
| # tail -f access.log | grep -i --line-buffered 'firefox' | goacces
s --log-format=COMBINED - | | # tail -f access.log | grep -i --line-buffered 'firefox' | goacces
s --log-format=COMBINED - |
| | |
| or to parse from the beginning of the file while maintaining the pipe ope
ned and applying a filter | | or to parse from the beginning of the file while maintaining the pipe ope
ned and applying a filter |
| | |
|
| # tail -f -n +0 access.log | grep -i --line-buffered 'firefox' |
goaccess --log-format=COMBINED | | # tail -f -n +0 access.log | grep -i --line-buffered 'firefox' |
goaccess --log-format=COMBINED |
| -o report.html --real-time-html - | | -o report.html --real-time-html - |
| | |
| or to convert the log date timezone to a different timezone, e.g., Europe
/Berlin | | or to convert the log date timezone to a different timezone, e.g., Europe
/Berlin |
| | |
|
| # goaccess access.log --log-format='%h %^[%x] "%r" %s %b
"%R" "%u"' --datetime-for- | | # goaccess access.log --log-format='%h %^[%x] "%r" %s %
b "%R" "%u"' --datetime-for- |
| mat='%d/%b/%Y:%H:%M:%S %z' --tz=Europe/Berlin --date-spec=min | | mat='%d/%b/%Y:%H:%M:%S %z' --tz=Europe/Berlin --date-spec=min |
| | |
| MULTIPLE LOG FILES | | MULTIPLE LOG FILES |
|
| There are several ways to parse multiple logs with GoAccess. The simples
t is to pass multiple log files | | There are several ways to parse multiple logs with GoAccess. The simplest
is to pass multiple log files |
| to the command line: | | to the command line: |
| | |
| # goaccess access.log access.log.1 | | # goaccess access.log access.log.1 |
| | |
| It's even possible to parse files from a pipe while reading regular files
: | | It's even possible to parse files from a pipe while reading regular files
: |
| | |
| # cat access.log.2 | goaccess access.log access.log.1 - | | # cat access.log.2 | goaccess access.log access.log.1 - |
| | |
|
| Note that the single dash is appended to the command line to let GoAccess
know that it should read from | | Note that the single dash is appended to the command line to let GoAcces
s know that it should read from |
| the pipe. | | the pipe. |
| | |
|
| Now if we want to add more flexibility to GoAccess, we can do a serie | | Now if we want to add more flexibility to GoAccess, we can do a series of |
| s of pipes. For instance, if we | | pipes. For instance, if we |
| would like to process all compressed log files access.log.*.gz in additio | | would like to process all compressed log files access.log.*.gz in addit |
| n to the current log file, we | | ion to the current log file, we |
| can do: | | can do: |
| | |
| # zcat access.log.*.gz | goaccess access.log - | | # zcat access.log.*.gz | goaccess access.log - |
| | |
| Note: On Mac OS X, use gunzip -c instead of zcat. | | Note: On Mac OS X, use gunzip -c instead of zcat. |
| | |
| REAL TIME HTML OUTPUT | | REAL TIME HTML OUTPUT |
|
| GoAccess has the ability to output real-time data in the HTML report. Y
ou can even email the HTML file | | GoAccess has the ability to output real-time data in the HTML report. You
can even email the HTML file |
| since it is composed of a single file with no external file dependencies,
how neat is that! | | since it is composed of a single file with no external file dependencies,
how neat is that! |
| | |
|
| The process of generating a real-time HTML report is very similar to the
process of creating a static | | The process of generating a real-time HTML report is very similar to t
he process of creating a static |
| report. Only --real-time-html is needed to make it real-time. | | report. Only --real-time-html is needed to make it real-time. |
| | |
| # goaccess access.log -o /usr/share/nginx/html/site/report.html --
real-time-html | | # goaccess access.log -o /usr/share/nginx/html/site/report.html --
real-time-html |
| | |
|
| By default, GoAccess will use the host name of the generated report.
Optionally, you can specify the | | By default, GoAccess will use the host name of the generated report. Opt
ionally, you can specify the |
| URL to which the client's browser will connect to. See https://goaccess.i
o/faq for a more detailed exam- | | URL to which the client's browser will connect to. See https://goaccess.i
o/faq for a more detailed exam- |
| ple. | | ple. |
| | |
| # goaccess access.log -o report.html --real-time-html --ws-url=goa
ccess.io | | # goaccess access.log -o report.html --real-time-html --ws-url=goa
ccess.io |
| | |
|
| By default, GoAccess listens on port 7890, to use a different port othe
r than 7890, you can specify it | | By default, GoAccess listens on port 7890, to use a different port other
than 7890, you can specify it |
| as (make sure the port is opened): | | as (make sure the port is opened): |
| | |
| # goaccess access.log -o report.html --real-time-html --port=9870 | | # goaccess access.log -o report.html --real-time-html --port=9870 |
| | |
| And to bind the WebSocket server to a different address other than 0.0.0.
0, you can specify it as: | | And to bind the WebSocket server to a different address other than 0.0.0.
0, you can specify it as: |
| | |
| # goaccess access.log -o report.html --real-time-html --addr=127.0
.0.1 | | # goaccess access.log -o report.html --real-time-html --addr=127.0
.0.1 |
| | |
|
| Note: To output real time data over a TLS/SSL connection, you need to
use --ssl-cert=<cert.crt> and | | Note: To output real time data over a TLS/SSL connection, you need t
o use --ssl-cert=<cert.crt> and |
| --ssl-key=<priv.key>. | | --ssl-key=<priv.key>. |
| | |
| WORKING WITH DATES | | WORKING WITH DATES |
| Another useful pipe would be filtering dates out of the web log | | Another useful pipe would be filtering dates out of the web log |
| | |
| The following will get all HTTP requests starting on 05/Dec/2010 until th
e end of the file. | | The following will get all HTTP requests starting on 05/Dec/2010 until th
e end of the file. |
| | |
| # sed -n '/05Dec2010/,$ p' access.log | goaccess -a - | | # sed -n '/05Dec2010/,$ p' access.log | goaccess -a - |
| | |
| or using relative dates such as yesterdays or tomorrows day: | | or using relative dates such as yesterdays or tomorrows day: |
| | |
| # sed -n '/'$(date '+%d%b%Y' -d '1 week ago')'/,$ p' access.log |
goaccess -a - | | # sed -n '/'$(date '+%d%b%Y' -d '1 week ago')'/,$ p' access.log |
goaccess -a - |
| | |
| If we want to parse only a certain time-frame from DATE a to DATE b, we c
an do: | | If we want to parse only a certain time-frame from DATE a to DATE b, we c
an do: |
| | |
| # sed -n '/5Nov2010/,/5Dec2010/ p' access.log | goaccess -a - | | # sed -n '/5Nov2010/,/5Dec2010/ p' access.log | goaccess -a - |
| | |
|
| If we want to preserve only certain amount of data and recycle storage,
we can keep only a certain num- | | If we want to preserve only certain amount of data and recycle storage, w
e can keep only a certain num- |
| ber of days. For instance to keep & show the last 5 days: | | ber of days. For instance to keep & show the last 5 days: |
| | |
| # goaccess access.log --keep-last=5 | | # goaccess access.log --keep-last=5 |
| | |
| VIRTUAL HOSTS | | VIRTUAL HOSTS |
| Assuming your log contains the virtual host (server blocks) field. For in
stance: | | Assuming your log contains the virtual host (server blocks) field. For in
stance: |
| | |
|
| vhost.com:80 10.131.40.139 - - [02/Mar/2016:08:14:04 -0600] "GET
/shop/bag-p-20 HTTP/1.1" 200 | | vhost.com:80 10.131.40.139 - - [02/Mar/2016:08:14:04 -0600] "G
ET /shop/bag-p-20 HTTP/1.1" 200 |
| 6715 "-" "Apache (internal dummy connection)" | | 6715 "-" "Apache (internal dummy connection)" |
| | |
|
| And you would like to append the virtual host to the request in order to
see which virtual host the top | | And you would like to append the virtual host to the request in order to
see which virtual host the top |
| urls belong to | | urls belong to |
| | |
| awk '$8=$1$8' access.log | goaccess -a - | | awk '$8=$1$8' access.log | goaccess -a - |
| | |
| To exclude a list of virtual hosts you can do the following: | | To exclude a list of virtual hosts you can do the following: |
| | |
| # grep -v "`cat exclude_vhost_list_file`" vhost_access.log | goacc
ess - | | # grep -v "`cat exclude_vhost_list_file`" vhost_access.log | goacc
ess - |
| | |
| FILES & STATUS CODES | | FILES & STATUS CODES |
| To parse specific pages, e.g., page views, html, htm, php, etc. within a
request: | | To parse specific pages, e.g., page views, html, htm, php, etc. within a
request: |
| | |
| # awk '$7~/.html|.htm|.php/' access.log | goaccess - | | # awk '$7~/.html|.htm|.php/' access.log | goaccess - |
| | |
|
| Note, $7 is the request field for the common and combined log format, (wi | | Note, $7 is the request field for the common and combined log format, |
| thout Virtual Host), if your | | (without Virtual Host), if your |
| log includes Virtual Host, then you probably want to use $8 instead. It' | | log includes Virtual Host, then you probably want to use $8 instead. It's |
| s best to check which field you | | best to check which field you |
| are shooting for, e.g.: | | are shooting for, e.g.: |
| | |
| # tail -10 access.log | awk '{print $8}' | | # tail -10 access.log | awk '{print $8}' |
| | |
| Or to parse a specific status code, e.g., 500 (Internal Server Error): | | Or to parse a specific status code, e.g., 500 (Internal Server Error): |
| | |
| # awk '$9~/500/' access.log | goaccess - | | # awk '$9~/500/' access.log | goaccess - |
| | |
| SERVER | | SERVER |
| Also, it is worth pointing out that if we want to run GoAccess at lower p
riority, we can run it as: | | Also, it is worth pointing out that if we want to run GoAccess at lower p
riority, we can run it as: |
| | |
| # nice -n 19 goaccess -f access.log -a | | # nice -n 19 goaccess -f access.log -a |
| | |
| and if you don't want to install it on your server, you can still run it
from your local machine: | | and if you don't want to install it on your server, you can still run it
from your local machine: |
| | |
| # ssh -n root@server 'tail -f /var/log/apache2/access.log' | goacc
ess - | | # ssh -n root@server 'tail -f /var/log/apache2/access.log' | goacc
ess - |
| | |
|
| Note: SSH requires -n so GoAccess can read from stdin. Also, make sure to
use SSH keys for authentica- | | Note: SSH requires -n so GoAccess can read from stdin. Also, make sure
to use SSH keys for authentica- |
| tion as it won't work if a passphrase is required. | | tion as it won't work if a passphrase is required. |
| | |
| INCREMENTAL LOG PROCESSING | | INCREMENTAL LOG PROCESSING |
| GoAccess has the ability to process logs incrementally through its intern
al storage and dump its data to | | GoAccess has the ability to process logs incrementally through its intern
al storage and dump its data to |
| disk. It works in the following way: | | disk. It works in the following way: |
| | |
| 1 A dataset must be persisted first with --persist, then the same datase
t can be loaded with | | 1 A dataset must be persisted first with --persist, then the same datase
t can be loaded with |
| | |
|
| 2 --restore. If new data is passed (piped or through a log file), it wi
ll append it to the original | | 2 --restore. If new data is passed (piped or through a log file), it
will append it to the original |
| dataset. | | dataset. |
| | |
| NOTES | | NOTES |
| | |
|
| GoAccess keeps track of inodes of all the files processed (assuming fil | | GoAccess keeps track of inodes of all the files processed (assuming files |
| es will stay on the same parti- | | will stay on the same parti- |
| tion), in addition, it extracts a snippet of data from the log along with | | tion), in addition, it extracts a snippet of data from the log along wi |
| the last line parsed of each | | th the last line parsed of each |
| file and the timestamp of the last line parsed. e.g., inode:29627417|line
:20012|ts:20171231235059 | | file and the timestamp of the last line parsed. e.g., inode:29627417|line
:20012|ts:20171231235059 |
| | |
|
| First it compares if the snippet matches the log being parsed, if it | | First it compares if the snippet matches the log being parsed, if it does |
| does, it assumes the log hasn't | | , it assumes the log hasn't |
| changed dramatically, e.g., hasn't been truncated. If the inode does not | | changed dramatically, e.g., hasn't been truncated. If the inode does |
| match the current file, it | | not match the current file, it |
| parses all lines. If the current file matches the inode, it then reads | | parses all lines. If the current file matches the inode, it then reads th |
| the remaining lines and updates | | e remaining lines and updates |
| the count of lines parsed and the timestamp. As an extra precaution, it w | | the count of lines parsed and the timestamp. As an extra precaution, |
| on't parse log lines with a | | it won't parse log lines with a |
| timestamp ≤ than the one stored. | | timestamp ≤ than the one stored. |
| | |
|
| Piped data works based off the timestamp of the last line read. For inst
ance, it will parse and discard | | Piped data works based off the timestamp of the last line read. For insta
nce, it will parse and discard |
| all incoming entries until it finds a timestamp >= than the one stored. | | all incoming entries until it finds a timestamp >= than the one stored. |
| | |
| For instance: | | For instance: |
| | |
| // last month access log | | // last month access log |
| # goaccess access.log.1 --persist | | # goaccess access.log.1 --persist |
| | |
| then, load it with | | then, load it with |
| | |
| // append this month access log, and preserve new data | | // append this month access log, and preserve new data |
| # goaccess access.log --restore --persist | | # goaccess access.log --restore --persist |
| | |
| To read persisted data only (without parsing new data) | | To read persisted data only (without parsing new data) |
| | |
| # goaccess --restore | | # goaccess --restore |
| | |
| NOTES | | NOTES |
|
| Each active panel has a total of 366 items or 50 in the real-time HTML re
port. The number of items is | | Each active panel has a total of 366 items or 50 in the real-time HTML
report. The number of items is |
| customizable using max-items Note that HTML, CSV and JSON output allow a
maximum number greater than the | | customizable using max-items Note that HTML, CSV and JSON output allow a
maximum number greater than the |
| default value of 366 items per panel. | | default value of 366 items per panel. |
| | |
|
| A hit is a request (line in the access log), e.g., 10 requests = 10 hits.
HTTP requests with the same | | A hit is a request (line in the access log), e.g., 10 requests = 10 hi
ts. HTTP requests with the same |
| IP, date, and user agent are considered a unique visit. | | IP, date, and user agent are considered a unique visit. |
| | |
|
| The generated report will attempt to reconnect to the WebSocket server
after 1 second with exponential | | The generated report will attempt to reconnect to the WebSocket server af
ter 1 second with exponential |
| backoff. It will attempt to connect 20 times. | | backoff. It will attempt to connect 20 times. |
| | |
| BUGS | | BUGS |
|
| If you think you have found a bug, please send me an email to goaccess@pr
osoftcorp.com or use the issue | | If you think you have found a bug, please send me an email to goaccess@p
rosoftcorp.com or use the issue |
| tracker in https://github.com/allinurl/goaccess/issues | | tracker in https://github.com/allinurl/goaccess/issues |
| | |
| AUTHOR | | AUTHOR |
|
| Gerardo Orellana <hello@goaccess.io> For more details about it, o
r new releases, please visit | | Gerardo Orellana <hello@goaccess.io> For more details about it, or
new releases, please visit |
| https://goaccess.io | | https://goaccess.io |
| | |
|
| GNU+Linux FEBRUARY 2023
goaccess(1) | | GNU+Linux MARCH 2023
goaccess(1) |
| | | |
| End of changes. 92 change blocks. |
|---|
| 158 lines changed or deleted | | 169 lines changed or added |
|---|
"Fossies" - the Fresh Open Source Software Archive 