GoAccess version: 1.9
Installation: from source (make, make install)
Execution environment: CLI
Complete access.log line:
192.168.1.3:16423|240e:42c:1b30:111:b4c1:49ff:fe49:392c, 113.96.59.21 14/Jun/2024:00:01:15 +0800 HTTP/1.0 GET http://www.baidu.com/yl/ysj/dsj/folder1088/?imageView/0/w/890/h/675 |200| 53286 0.000 "https://www.baidu.com/yl/ysj/dsj/folder1088/" "Mozilla/5.0 (Linux; Android 11; PEHT00 Build/RKQ1.201217.002; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/122.0.6261.120 Mobile Safari/537.36 XWEB/1220089 MMWEBSDK/20240404 MMWEBID/9553 MicroMessenger/8.0.49.2600(0x28003157) WeChat/arm64 Weixin NetType/4G Language/zh_CN ABI/arm64" - - -
nginx log configuration:
'$remote_addr:$remote_port|$http_x_forwarded_for\t $time_local\t $server_protocol\t $request_method $scheme://$host$request_uri\t |$status|\t $body_bytes_sent\t $request_time\t "$http_referer"\t "$http_user_agent"\t $upstream_addr\t $upstream_response_time\t $upstream_status';
Full CLI command:
goaccess /opt/access.log -p /root/goaccess.conf --log-format='%h:%p|~h{, }\t[%d:%t %^]\t%H\t%r\t|%s|\t%b\t%T\t"%R"\t"%u"\t%^' --date-format=%d/%b/%Y --time-format=%T -o report.html
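Difficulties:
1. For XFF, GoAccess uses a special specifier consisting of a tilde plus the host specifier, immediately followed by the characters that delimit the XFF field, enclosed in curly braces (e.g. ~h{,"})
~h{," } is used to parse the field "11.25.11.53, 17.68.33.17", which is delimited by a pair of double quotes, a comma and a space.
2. If \t is used in the nginx log configuration, it must also be used in the CLI command.
3. It is best to use --date-format= and --time-format= together.
Problem:
The UA can be used to pinpoint visitors.
1. I originally wanted to filter out the complete UA, but the actual output contains only the browser version information.
Desired output: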
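The same log_format can be parsed directly when the complete User-Agent string is needed per record. The following is an added example, not part of the original post or of GoAccess; it assumes nginx writes each `\t ` in the log_format as a tab followed by a space, and the function names and the shortened User-Agent are constructed for illustration.

```python
from collections import Counter
from datetime import datetime

# Shortened, constructed User-Agent (the post's real one is much longer).
UA = "Mozilla/5.0 (Linux; Android 11; PEHT00) MicroMessenger/8.0.49.2600(0x28003157) NetType/4G"
# Constructed sample: the post's log line rebuilt with the "\t " separators
# that the log_format string emits (assumption: nginx expands \t to a tab).
SAMPLE = "\t ".join([
    "192.168.1.3:16423|240e:42c:1b30:111:b4c1:49ff:fe49:392c, 113.96.59.21",
    "14/Jun/2024:00:01:15 +0800", "HTTP/1.0",
    "GET http://www.baidu.com/yl/ysj/dsj/folder1088/?imageView/0/w/890/h/675",
    "|200|", "53286", "0.000",
    '"https://www.baidu.com/yl/ysj/dsj/folder1088/"', f'"{UA}"', "-", "-", "-",
])

def parse_line(line):
    """Split one log line into named fields; raise ValueError if malformed."""
    f = line.rstrip("\n").split("\t ")
    if len(f) != 12:
        raise ValueError(f"expected 12 fields, got {len(f)}")
    peer, _, xff = f[0].partition("|")
    addr, _, port = peer.rpartition(":")  # rpartition: $remote_addr may be IPv6
    method, _, url = f[3].partition(" ")
    return {
        "peer_addr": addr, "peer_port": int(port),  # TCP peer seen by nginx
        # X-Forwarded-For is client-supplied; treat it as a claim, not a fact.
        "xff": [h.strip() for h in xff.split(",") if h.strip() not in ("", "-")],
        "time": datetime.strptime(f[1], "%d/%b/%Y:%H:%M:%S %z"),
        "protocol": f[2], "method": method, "url": url,
        "status": int(f[4].strip("|")),
        "bytes": int(f[5]), "request_time": float(f[6]), "referer": f[7][1:-1],
        "user_agent": f[8][1:-1],  # full string, nothing collapsed
        "upstream": f[9:],
    }

def ua_by_peer(lines):
    """Count requests per (peer address, full User-Agent) pair."""
    counts = Counter()
    for line in lines:
        try:
            rec = parse_line(line)
        except ValueError:
            continue  # skip lines that do not match the format
        counts[(rec["peer_addr"], rec["user_agent"])] += 1
    return counts

if __name__ == "__main__":
    for (addr, ua), n in ua_by_peer([SAMPLE]).most_common():
        print(n, addr, ua)
```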
"Mozilla/5.0 (Linux; Android 11; PEHT00 Build/RKQ1.201217.002; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/122.0.6261.120 Mobile Safari/537.36 XWEB/1220089 MMWEBSDK/20240404 MMWEBID/9553 MicroMessenger/8.0.49.2600(0x28003157) WeChat/arm64 Weixin NetType/4G Language/zh_CN ABI/arm64"
Actual output:
From: https://www.cnblogs.com/reminderlog/p/18249806