Using GoAccess for analysing web logs

Using GoAccess for analysing web logs

visualise the traffics


GoAccess is a tool for monitoring web server logs in realtime, which written in C and can be accessed directly from the command-line. With GoAccess you can view or analyse relevant statistics quickly and securely. Apart from the command-lin dashboard interface, it’s also capable of displaying the statistics in other formats such as HTML, JSON, and CSV, which you can use in other contexts.

Installing GoAccess

It is easy to install GoAccess on Linux using package managers. For example, on Ubuntu:

sudo apt install goaccess

Note: This may not always give you the latest stable version. To make sure that you’re running the latest stable version see option below:

echo "deb $(lsb_release -cs) main" | sudo tee -a /etc/apt/sources.list.d/goaccess.list
wget -O - | sudo apt-key --keyring /etc/apt/trusted.gpg.d/goaccess.gpg add -
sudo apt update
sudo apt install goaccess

Editing the GoAccess configuration

Once you have installed GoAccess on your server, then you should be ready to start using it. However, first you need to determine the log format of your access log. GoAccess comes with a configuration file where you can make permanent changes to the behaviour of the program. You’ll edit this file to specify the time, date, and log format so that GoAccess knows how to parse the server logs.

To find out where the config file is located on your server, run the following command:

goaccess --dcf

Example output:


For me, it shows No default config file found., but I still can find the /etc/goaccess/goaccess.conf. Anyway, I will use that file for configuration.

Note: If this file does not exist on the server, ensure to create it first and populate it with the contents of the goaccess.conf file on GitHub.

Many of the lines in the file are commented out. To enable an option, remove the first # character in front of it.

Now, let’s set the basic configuration for a Nginx server by editing time-format, date-format, and log-format. Then save the file and exit the text editor, you’re now ready to run the GoAccess program to analyse some Nginx plain-text log files.

Accessing Nginx log files with GoAccess

sudo goaccess /var/log/nginx/access.log

It will prompt you to choose basic format setting. After that, it will launch the GoAccess command-line dashboard.

Or, you can specify the configuration file in the previous step for formatting:

sudo goaccess -p /etc/goaccess/goaccess.conf /var/log/nginx/access.log

Sometimes you will have several compressed log files on a long-running web server. To run GoAccess on all these files without extracting them first, you can pipe the output of the zcat command to goaccess:

zcat /var/log/nginx/access.log.*.gz | goaccess -a

At the top of the dashboard is a summary of several key metrics. This includes total requests for the reporting period, unique visitors, log size, 404 not found errors, requested files, size of the parsed log file, HTTP referrers, name of the log source, time taken to process the log file, and more…

GoAccess summary

Below the top panel, you will find all the available modules which provide more details on the aforementioned metrics and other data points supported by GoAccess. To navigate the interface, use the following keyboard shortcuts:

  • TAB - to move forward through the available modules and SHIFT + TAB to move backwards.
  • F5 - to refresh the dashboard.
  • g - to move to the top of the dashboard screen and G to move to the last item in the dashboard.
  • o or ENTER - to expand the selected module.
  • j and k - to scroll down and up within the active module.
  • s - to display the sort options for the active module.
  • / - to search across all modules and n to move to the next match.
  • 0-9 and SHIFT + 0 - to quickly activate the respective numbered module.
  • ? - to view the quick help dialogue.
  • q - to quite the program.

Generating reports

GoAccess allows you to generate HTML, JSON, or CSV reports.

Make sure that you’re in the home directory before running any of the following commands.

To output the report as static HTML, specify an HTML file as the argument to the -o flag. This flag also accepts filenames that end in .json or .csv.

You can copy the output file to your local machine using scp, and view the report in your browser.

Real-Time HTML output

The following parses the access log and displays the status in a real-time HTML report.

sudo goaccess /var/log/nginx/access.log -o /var/www/html/report.html --log-format=COMBINED --real-time-html


Although we only covered how GoAccess may be used with Nginx logs, the powerful tool also supports other log formats such Apache, Amazon S3, Elastic Load Balancing, Google Cloud…

You can check the full GoAccess documentation or run man goaccess in your terminal.

Ads by Google


Frank Lin

Hey, there! This is Frank Lin (@flinhong), one of the 1.41 billion . This 'inDev. Journal' site holds the exploration of my quirky thoughts and random adventures through life. Hope you enjoy reading and perusing my posts.


Setup an IKEv2 server with strongSwan



Setup an IKEv2 server with strongSwan

IKEv2, or Internet Key Exchange v2, is a protocol that allows for direct IPSec tunnelling between networks. It is developed by Microsoft and Cisco (primarily) for mobile users, and introduced as an updated version of IKEv1 in 2005. The IKEv2 MOBIKE (Mobility and Multihoming) protocol allows the client to main secure connection despite network switches, such as when leaving a WiFi area for a mobile data area. IKEv2 works on most platforms, and natively supported on some platforms (OS X 10.11+, iOS 9.1+, and Windows 10) with no additional applications necessary.

Hands on IBM Cloud Functions with CLI



Hands on IBM Cloud Functions with CLI

IBM Cloud CLI allows complete management of the Cloud Functions system. You can use the Cloud Functions CLI plugin-in to manage your code snippets in actions, create triggers, and rules to enable your actions to respond to events, and bundle actions into packages.