Add terminal- and web-based Apache access.log view with GoAccess.
In the name of security, the more information we have about our systems the better off we are. Sometimes that information might not be directly related to security, and sometimes it may. Case in point: The Apache web server. There is a file named access.log that displays crucial information about what goes on with the web server.
The Apache access.log file stores information about events that occur on the Apache web server. Such information can include visitor IP address, pages viewed, status codes, browsers used, and more.
But combing through text-based log files can be cumbersome, especially when your admin tasks keep piling up. To that end, what do you do? You could always turn to a tool like GoAccess.
GoAccess is both a terminal- and web-based real-time dashboard used for reading the Apache access.log file. I'm going to walk you through the process of installing GoAccess on Ubuntu Server 19.10, running Apache 2.
SEE: Windows 10 security: A guide for business leaders (TechRepublic Premium)
What you'll need
The only things you'll need to make GoAccess run on your system are the following:
A running instance of Ubuntu Server with Apache 2 installed
A user account with sudo access
How to install dependencies
The first thing to be done is the installation of the necessary dependencies. To do this, open a terminal window and issue the following command:
sudo apt-get install libncursesw5-dev gcc make libgeoip-dev libtokyocabinet-dev build-essential -y
After that completes, you're ready to install GoAccess.
How to install GoAccess
To install GoAccess, download the necessary tar file with the command:
Extract the file with the command:
tar xvzf goaccess-1.3.tar.gz
Change into the newly created directory with the command:
Install with the following commands:
sudo ./configure --enable-utf8 --enable-geoip=legacy sudo make sudo make install
How to run GoAccess
Now we're going to run GoAccess in the terminal. To do that, issue the command:
sudo goaccess /var/log/apache2/access.log --log-format=COMBINED
You should now see GoAccess displaying real-time data from your access.log file in the terminal (Figure A).
You can scroll through the bottom half of the screen to view the various sections of the log file. For example, scroll down to see the listing of Visitor Hostnames and IPs (Figure B).
To exit out of GoAccess, hit Q on your keyboard.
How to view the web dashboard
Now we're going to run GoAccess such that it will display the web-based dashboard. Outside of the web-based dashboard being far prettier and easier to read, the main difference between the two is that the terminal dashboard is real-time, whereas the web dashboard is read from the report generated by the command. For this, issue the command:
sudo goaccess /var/log/apache2/access.log --log-format=COMBINED -a -o /var/www/html/report.html
You should get your terminal prompt back. Open a web browser and point it to http://SERVER_IP/report.html (where SERVER_IP is the IP address of the server hosting GoAccess and Apache). You should see the information in a user-friendly format (Figure C).
How to receive pseudo real-time updates
In order to get updated stats on your server, you'd have to run the goaccess command a second time. The only way you could get regular updates would be to create a bash script and have it run as a cronjob every minute or so. For this, create a bash script with the contents:
!#/bin/bash sudo goaccess /var/log/apache2/access.log --log-format=COMBINED -a -o /var/www/html/report.html
Save that file in your user's home directory. Next create a crontab entry with the command:
sudo crontab -e
The cron entry (to run the command every minute) could look like:
* * * * * /home/USERNAME/goaccess.sh
Where USERNAME is the name of a user on your system.
With that crontab entry in place, every minute that report.html file will be updated with the new data.
You now have the means to easily view the contents of your Apache access.log. Keep tabs on every aspect of your web server so you can enjoy a bit more security.
- How to become a cybersecurity pro: A cheat sheet (TechRepublic)
- Mastermind con man behind Catch Me If You Can talks cybersecurity (TechRepublic download)
- How to enable Apache MPM Prefork to improve performance (TechRepublic)
- How to stop, start, and restart Apache on various Linux distributions (TechRepublic)
- How to install a LAMP server on Ubuntu Server 19.10 (TechRepublic)
- How to install AWStats on Ubuntu Server 18.04 (TechRepublic)
- This aggressive IoT malware is forcing Wi-Fi routers to join its botnet army (ZDNet)
- The best password managers of 2019 (CNET)
- Cybersecurity and cyberwar: More must-read coverage (TechRepublic on Flipboard)