View Nginx Proxy Manager Access Logs In A Beautiful Dashboard (with goaccess)


Recommended Posts

image.thumb.png.b669daca59f442bbfbe6d7958738f8aa.png

 

Pre-requisites

 

- You have Nginx Proxy Manager already installed and working. I am using this one from the Community Applications: jlesage/nginx-proxy-manager:

image.png.8283a62f9d2cce9b0b47427c7cc4343a.png

 

- You have installed goaccess from Community Applications but it's not working out-of-the-box. I am using this one from the Community Applications: gregyankovoy/goaccess

image.png.5b25544197fe1fc26ac7565de41e7166.png

 

There are three main steps

 

1- Have your log generator container (Nginx Proxy Manager) output its logs into a folder that goaccess can, well, access

2- Configure goaccess to look for the right log file 

3- Configure goaccess to understand how to parse the log/date/time format

 

Step One: Map Log File Folder

 

I use Nginx Proxy Manager and by default, it puts its access logs in the file /config/log/default.log. This location is non-configurable. Well, actually it's configured in the file /etc/nginx/nginx.conf with the line:


 

access_log /config/log/default.log proxy;

 

... but nginx.conf is not in a mapped folder so I just left it alone. I just ensured that it mapped its /config/log folder to a folder that both containers could access. In my case, I used /mnt/user/dmz/goaccess/log

 

image.png

 

Step Two: Configure Log File

 

The goaccess container looks for its access logs in the file /opt/log/access.log by default. Luckily, this is configurable in the goaccess.conf file that is mapped to the host's /mnt/user/appdata/goaccess/goaccess.conf file. In there, change the line:

 

log-file /opt/log/access.log

 

To:
 

log-file /opt/log/default.log

 

 

Step Three: Configure Log Format

 

The other thing to do is to provide the log/date/time file format that Nginx Proxy Manager uses in a language that goaccess understands. The nginx format is defined in the same nginx.conf file mentioned above as:

 

log_format standard '[$time_local] $status - $request_method $scheme $host "$request_uri" [Client $remote_addr] [Length $body_bytes_sent] [Gzip $gzip_ratio] "$http_user_agent" "$http_referer"';

 

There is a nifty script that does this mapping for you here. The short story is that it has to look like this for goaccess to understand it otherwise you get parsing errors.

 

time-format %T
date-format %d/%b/%Y
log_format [%d:%t %^] %s - %m %^ %v "%U" [Client %h] [Length %b] [Gzip %^] "%u" "%R"

 

Now, open the file goaccess.conf again and comment out the line:

 

log-format COMBINED

 

and paste the three lines describing the log/date/time format we want.

 

That's it. You should now have a beautiful dashboard of your Nginx Proxy Manager access logs including which subdomains are getting used most (virtual hosts) and which URLs end up going to 404 (possible attacks) and a whole lot more besides!

 

Sample Dashboard:

 

image.thumb.png.ad5b30c7efa67812055b57fefcd5ea8a.png

 

Note that it should update in real time as long as the settings cog on the left has a green dot near it like this:

 

image.png.7fa2a870a876492719b2bdc37ec1ecb4.png

 

That means that the websocket is connected.

 

BONUS

 

If you want to get all geeky and see the results in a terminal window, you can do that too.

Just open the goaccess container's Console window and paste the three lines of log/date/time format into the file ~/.goaccessrc so it looks like this:

 

# cat ~/.goaccessrc 
time-format %T
date-format %d/%b/%Y
log_format [%d:%t %^] %s - %m %^ %v "%U" [Client %h] [Length %b] [Gzip %^] "%u" "%R"

 

and run:

 

 goaccess /opt/log/default.log 

 

And you will get the same information in a terminal window:

(Navigate with TAB and SHIFT+TAB button to jump between sections and ENTER to expand selection. q to quit)

 

image.thumb.png.9db544b70d74ecf0da4c55595b380124.png

Edited by frakman1
  • Like 3
Link to comment
  • 2 weeks later...
  • 4 months later...
On 3/31/2021 at 1:29 AM, 062bel313 said:

I couldn't find nginx.conf in my NPM /config directory. Do you know where it is located, I am using Nginx Proxy manager docker. I searched using find everything and it results empty search. 😞


I address this point in Step One of my post.
The idea is not to have to change anything in nginx.conf and map the folders appropriately.

Link to comment
  • 4 weeks later...
2 hours ago, hjaltioj said:

Do you know how to do this with Nginx-Proxy-Manager-Official docker? Cant find the default.log file for that docker?

 

I am using this docker jlesage/nginx-proxy-manager

 

If you're talking about jc21/nginx-proxy-manager:latest

 

Then its /etc/nginx/nginx.conf configuration has this line:

 

access_log /data/logs/fallback_access.log proxy;

 

Which mean you will need to map the /data/logs folder to a location that the goaccess container can also access.

You will also need to change the goaccess configuration to look for that log file instead of the one currently configured

 

Link to comment
36 minutes ago, frakman1 said:

 

I am using this docker jlesage/nginx-proxy-manager

 

If you're talking about jc21/nginx-proxy-manager:latest

 

Then its /etc/nginx/nginx.conf configuration has this line:

 

access_log /data/logs/fallback_access.log proxy;

 

Which mean you will need to map the /data/logs folder to a location that the goaccess container can also access.

You will also need to change the goaccess configuration to look for that log file instead of the one currently configured

 

Hi again.
I use jc21 version, but for me fallback_access.log is empty?

 

these are the logs that get createt.

 

log.PNG

Link to comment

hi again. this is the error i get in NPM

 

error: skipping "/data/logs/fallback_access.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.

Link to comment
On 8/31/2021 at 9:32 PM, hjaltioj said:

hi again. this is the error i get in NPM

 

error: skipping "/data/logs/fallback_access.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.

 

Hi,

 

I got the same error, did you fix it?

Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.