I’m not sure I’m coming out from under my rock enough, but this is a GOD SEND for dealing with the web servers I manage! And your video explaining how you setup and use it has really helped me, thanks again for all you do for us, @LTS_Tom!
May I suggest a little reading on the topic of monitoring logs etc “The Practice of Network Security Monitoring” by Richard Beitlich Published by No Starch Press ISBN 13: 978-1-59327-509-9 cvers open source solutions theory and practical implementation.
Ok, maybe I’m just having a brain fart or something, but for the life of me I cannot get GoAccess to work with a default Debian/Apache set of logs with a clean install of GoAccess. Of course, I’m also having trouble getting my head around how to build a custom format for it. Would anyone have a link to somewhere I can get more info on the formatting flags? TIA!
What I have done for this particular Discourse forums GoAccess log parsing is
- Pull up a single line of the Apache log
- Open your GoAccess config
- If creating a custom format, have https://goaccess.io/man#custom-log open and in view too
- Walk through the pieces of the log and slowly build your custom format
As for your stock Debian/Ubuntu Apache, does GoAccess show you anything at all?
Thanks @ph1L! All I get is “No Valid Hits” through the Configuration Dialog. And when I run a log piped in I get this as output:
GoAccess - version 0.8.3 - Aug 30 2014 07:43:50
Fatal error has occurred Error occured at: goaccess.c - main - 832 Nothing valid to process.
I’m going to try your suggestion and build it up the format from the log.