当前位置: > Linux服务器 > 监控工具 >

goaccess分析nginx日志

时间:2014-12-27 22:49来源:linux.it.net.cn 作者:IT

安装:
[root@Rootop tar_gz]# wget -c http://tar.goaccess.io/goaccess-0.8.5.tar.gz
[root@Rootop tar_gz]# tar zxvf goaccess-0.8.5.tar.gz
[root@Rootop tar_gz]# cd goaccess-0.8.5
[root@Rootop goaccess-0.8.5]# ./configure
[root@Rootop goaccess-0.8.5]# make && make install
我这里web服务器为nginx。
可以直接输入goaccess -f +日志路径 进入控制台,操作不多说,百度一大片。



开始日志分析并导出为html文件:

1
[root@Rootop ~]# goaccess -f /home/wwwlogs/www.rootop.org.log --log-format='%h %^[%d:%^] "%r" %s %b "%R" "%u"' --date-format='%d/%b/%Y' -d -a > test.html

也可以通过指定配置文件方式来分析。就不需要在命令中体现日志格式:
首先下载配置文件:

1
[root@Rootop ~]# wget -O .goaccessrc https://raw.githubusercontent.com/allinurl/goaccess/master/config/goaccess.conf --no-check-certificate

编辑.goaccess文件,把16和27行的前面注释去掉。(NCSA Combined Log Format)

date-format %d/%b/%Y
log-format %h %^[%d:%^] “%r” %s %b “%R” “%u”

[root@Rootop ~]# goaccess -f /home/wwwlogs/www.rootop.org.log -d -a -p ~/.goaccessrc > test2.html

需要注意这里的日志格式,每个nginx日志格式配置可能不同,goaccess指定的日志格式也不一定一样,需要对照下面的参数和nginx日志格式来指定命令中日志的格式。否则日志
分析的时候会报错。需要对nginx的日志格式有一定了解。

goaccess时间和日志格式支持的参数:
date_format
The date_format variable followed by a space, specifies the log format date containing any combination of regular characters and special format specifiers. They all
begin with a percentage (%) sign. See http://linux.die.net/man/3/strftime

Note that there is no need to use time specifiers since they are not used by GoAccess. It’s recommended to use only date specifiers, i.e., %Y-%m-%d.

log_format
The log_format variable followed by a space or \t , specifies the log format string.

%d date field matching the date_format variable.

%h host (the client IP address, either IPv4 or IPv6)

%r The request line from the client. This requires specific delimiters around the request (as single quotes, double quotes, or anything else) to be parsable. If not, we
have to use a combination of special format specifiers as %m %U %H.

%m The request method.

%U The URL path requested (including any query string).

%H The request protocol.

%s The status code that the server sends back to the client.

%b The size of the object returned to the client.

%R The “Referrer” HTTP request header.

%u The user-agent HTTP request header.

%D The time taken to serve the request, in microseconds.

%T The time taken to serve the request, in seconds or milliseconds. Note: %D will take priority over %T if both are used.

%^ Ignore this field.

PS:
之前配置文件错误,分析nginx日志报错,经过求助软件作者解决,并对goaccess有更深入的了解。赞一下软件作者。
[root@Rootop ~]# goaccess -d -f /home/wwwlogs/www.rootop.org.log -a -p ~/.goaccesssrc > test.html
Parsing… [373,734] [373,734/s]
GoAccess – version 0.8.5 – Nov 20 2014 16:48:39

Fatal error has occurred
Error occured at: goaccess.c – main – 832
Nothing valid to process.

~/.goaccesssrc文件内容:
date_format %d/%b/%Y
log_format %^:%^ %h %^[%d:%^] “%r” %s %b

nginx日志:
58.251.136.61 – - [20/Nov/2014:17:29:21 +0800] “GET /wp-content/themes/g-white/js/all.js HTTP/1.1″200 1292 “http://www.rootop.org/pages/890.html”"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36″ -



(责任编辑:IT)
------分隔线----------------------------