GoAccess is a lightweight log file analyser with some great features. One feature that I have employed is the real-time html generation.
This tutorial will walk you through the setup and configuration of this.
Scenario
You have a Debian server which is running NGINX to server webpages (although Apache instructions will be almost identical). We will install and configure GoAccess to provide real-time visitor information.
Note: The Debian package is not built with openssl support so trying to serve the real-time report from a tls encrypted URL will not work.
How it works
GoAccess parses any log files passed to it on the command line and generates the html file. At the same time, it starts its own WebSocket server which pushes updates to the clients as the log file is updated.
Installation
On most modern distributions goaccess is available in the package manager, but you will probably also want the geoip database in order to locate visitors.
root@host:~# apt-get install goaccess geoip-database
The WebSocket server is part of the package, but you need to open a firewall port. We shall use UFW as it is simple to use, as outlined in my other tutorial.
root@host:~# ufw allow 7890
Configuration
NGINX
We shall setup a location block just for GoAccess so that we can password protect it. Note that this only provides trivial security, but it will stop casual attempts to access it.
root@host:~# mkdir /var/www/html/realtime
If you have htpasswd installed on the system then go ahead and generate a username and password with the following command.
root@host:~# htpasswd -c /etc/nginx/.htpasswd myUserName
Otherwise, use the generator at htaccesstools.com and copy the contents into a file at /etc/nginx/.htpasswd using vim/nano or whatever your chosen text editor is.
Edit the server block to add the location we have just created. It is important (unless you have ssl support) that this goes in the server block which is answering on port 80 and not the server answering https on 443.
location /realtime {
root /var/www/html;
index index.html;
auth_basic "Admin area";
auth_basic_user_file /etc/nginx/.htpasswd;
}
Check your config, and reload NGINX if all is well.
root@host:~# service nginx configtest [ ok ] Testing nginx configuration:. root@host:~# service nginx reload
GoAccess
There are a number of command-line options that you can pass to GoAccess, so I would advise you look at the man-page if the default options are not to your liking. Assuming the NGINX log files are in their default location, GoAccess can be started and daemonized like so
root@host:~# goaccess /var/log/nginx/access.log -o /var/www/html/realtime/index.html --log-format=COMBINED --real-time-html --daemonize
Summary
If you not now use your browser to navigate to your page http://www.example.net/realtime/ you should be presented with the password prompt
Enter the credentials you provided earlier, then you will be able to see the GoAccess realtime report updating as your logfiles change.
