Real time Web Log analyzer using GoAccess

Scrolling through log files is unrealistic.  Using ‘awk’, ‘grep’, ‘sed’, and ‘cut’ to parse through them can be quite a chore – and still has it’s place for specific searches.  However, here is an interesting tool called GoAccess.  GoAccess is a real time web log analyzer tool.

Running a CentOS 6, minimal installation, to install.

yum install -y epel-release
yum install -y goaccess

To use, for example to monitor the access.log file.

goaccess -f /var/log/apache2/access.log

You should be greeted with a popup.  Since this example is using Apache, I selected NCSA Combined Log Format.


You can leave things as they are, or modify the /etc/goaccess.conf file by uncommenting the time-format, date-format, and log-format that is appropriate to Apache to make these changes permanent.  Here is what it should look like. You should not be presented with the box above.

[root@mytestweb]# grep -v "^#\|^$" /etc/goaccess.conf | grep format
time-format %H:%M:%S
date-format %d/%b/%Y
log-format %h %^[%d:%t %^] "%r" %s %b "%R" "%u"

Executing the command again to monitor the log file, you will be presented with something like this.  Note that this server isn’t really used, so the results are quite sparse.  This screenshot is intended to demonstrate the possibilities.


To review multiple files simultaneously you can run this command.  However, I was presented with an error/warning message that prevented the access to the logs, only when not editing the /etc/goaccess.conf file.  After the edits were made, the following command worked perfectly.

zcat -f /var/log/httpd/*_log | goaccess

To read about other options including HTML report generation, check out the links below.