Setting up GoAccess realtime reporting

GoAccess is a lightweight log file analyser with some great features. One feature that I have employed is the real-time html generation.

This tutorial will walk you through the setup and configuration of this.

Scenario

You have a Debian server which is running NGINX to server webpages (although Apache instructions will be almost identical). We will install and configure GoAccess to provide real-time visitor information.

Note: The Debian package is not built with openssl support so trying to serve the real-time report from a tls encrypted URL will not work.

How it works

GoAccess parses any log files passed to it on the command line and generates the html file. At the same time, it starts its own WebSocket server which pushes updates to the clients as the log file is updated.

Installation

On most modern distributions goaccess is available in the package manager, but you will probably also want the geoip database in order to locate visitors.

root@host:~# apt-get install goaccess geoip-database

The WebSocket server is part of the package, but you need to open a firewall port. We shall use UFW as it is simple to use, as outlined in my other tutorial.

root@host:~# ufw allow 7890

Configuration

NGINX

We shall setup a location block just for GoAccess so that we can password protect it. Note that this only provides trivial security, but it will stop casual attempts to access it.

 root@host:~# mkdir /var/www/html/realtime

If you have htpasswd installed on the system then go ahead and generate a username and password with the following command.

root@host:~# htpasswd -c /etc/nginx/.htpasswd myUserName

Otherwise, use the generator at htaccesstools.com and copy the contents into a file at /etc/nginx/.htpasswd using vim/nano or whatever your chosen text editor is.

Edit the server block to add the location we have just created. It is important (unless you have ssl support) that this goes in the server block which is answering on port 80 and not the server answering https on 443.

location /realtime {
   root /var/www/html;   
   index index.html;
   auth_basic "Admin area";   
   auth_basic_user_file /etc/nginx/.htpasswd;
}

Check your config, and reload NGINX if all is well.

root@host:~# service nginx configtest
[ ok ] Testing nginx configuration:.

root@host:~# service nginx reload

GoAccess

There are a number of command-line options that you can pass to GoAccess, so I would advise you look at the man-page if the default options are not to your liking. Assuming the NGINX log files are in their default location, GoAccess can be started and daemonized like so

root@host:~# goaccess /var/log/nginx/access.log -o /var/www/html/realtime/index.html --log-format=COMBINED --real-time-html --daemonize

Summary

If you not now use your browser to navigate to your page http://www.example.net/realtime/ you should be presented with the password prompt

Enter the credentials you provided earlier, then you will be able to see the GoAccess realtime report updating as your logfiles change.