GoAccess : A Comprehensive Guide To Real-Time Web Log Analysis And Visualization

GoAccess is an open source real-time web log analyzer and interactive viewer that runs in a terminal on *nix systems or through your browser.

It provides fast and valuable HTTP statistics for system administrators that require a visual server report on the fly. 

Features

GoAccess parses the specified web log file and outputs the data to the X terminal. Features include:

• Completely Real Time
  All panels and metrics are timed to be updated every 200 ms on the terminal output and every second on the HTML output.
• Minimal Configuration needed
  You can just run it against your access log file, pick the log format and let GoAccess parse the access log and show you the stats.
• Track Application Response Time
  Track the time taken to serve the request. Extremely useful if you want to track pages that are slowing down your site.
• Nearly All Web Log Formats
  GoAccess allows any custom log format string. Predefined options include, Apache, Nginx, Amazon S3, Elastic Load Balancing, CloudFront, etc.
• Incremental Log Processing
  Need data persistence? GoAccess has the ability to process logs incrementally through the on-disk persistence options.
• Only one dependency
  GoAccess is written in C. To run it, you only need ncurses as a dependency. That’s it. It even features its own Web Socket server.
• Visitors
  Determine the amount of hits, visitors, bandwidth, and metrics for slowest running requests by the hour, or date.
• Metrics per Virtual Host
  Have multiple Virtual Hosts (Server Blocks)? It features a panel that displays which virtual host is consuming most of the web server resources.
• ASN (Autonomous System Number mapping)
  Great for detecting malicious traffic patterns and block them accordingly.
• Color Scheme Customizable
  Tailor GoAccess to suit your own color taste/schemes. Either through the terminal, or by simply applying the stylesheet on the HTML output.
• Support for Large Datasets
  GoAccess features the ability to parse large logs due to its optimized in-memory hash tables. It has very good memory usage and pretty good performance. This storage has support for on-disk persistence as well.
• Docker Support
  Ability to build GoAccess’ Docker image from upstream. You can still fully configure it, by using Volume mapping and editing goaccess.conf. See Docker section below.

Nearly All Web Log Formats…

GoAccess allows any custom log format string. Predefined options include, but not limited to:

• Amazon CloudFront (Download Distribution).
• Amazon Simple Storage Service (S3)
• AWS Elastic Load Balancing
• Combined Log Format (XLF/ELF) Apache | Nginx
• Common Log Format (CLF) Apache
• Google Cloud Storage.
• Apache virtual hosts
• Squid Native Format.
• W3C format (IIS).
• Caddy’s JSON Structured format.
• Traefik’s CLF flavor

Why GoAccess?

GoAccess was designed to be a fast, terminal-based log analyzer. Its core idea is to quickly analyze and view web server statistics in real time without needing to use your browser (great if you want to do a quick analysis of your access log via SSH, or if you simply love working in the terminal).

While the terminal output is the default output, it has the capability to generate a complete, self-contained, real-time HTML report, as well as a JSON, and CSV report.

You can see it more of a monitor command tool than anything else.

For more information click here.