allinurl/goaccess

★ 20,514CAudience · ops devopsComplexity · 2/5ActiveLicenseSetup · moderate

Mindmap

mindmap
  root((GoAccess))
    What it does
      Real-time log analysis
      Terminal dashboard
      HTML reports
    Log formats
      Apache Nginx
      AWS CloudFront
      Custom formats
    Security features
      Brute-force detection
      Bot identification
      ASN mapping
    Tech stack
      C language
      ncurses UI
      WebSocket server
    Use cases
      Traffic monitoring
      Security auditing
      Performance analysis

mindmap root((GoAccess)) What it does Real-time log analysis Terminal dashboard HTML reports Log formats Apache Nginx AWS CloudFront Custom formats Security features Brute-force detection Bot identification ASN mapping Tech stack C language ncurses UI WebSocket server Use cases Traffic monitoring Security auditing Performance analysis

Things people build with this

USE CASE 1

Monitor web server traffic in real-time from the command line without external tools or dashboards.

USE CASE 2

Detect brute-force attacks, bot activity, and suspicious traffic patterns directly from access logs.

USE CASE 3

Generate shareable HTML reports of traffic statistics and performance metrics for stakeholders.

USE CASE 4

Analyze large log files incrementally and persist results on disk for historical trend analysis.

Tech stack

CncursesWebSocketHTMLJSONCSV

Getting it running

Difficulty · moderate Time to first run · 30min

Requires ncurses library and C compiler; log file path configuration needed to point to actual server logs.

Use freely for any purpose including commercial, as long as you keep the copyright notice.

In plain English

GoAccess is an open source tool that reads the log files a web server writes for every visit and turns them into a live dashboard. It can run two ways: as a text-based interface inside a terminal, or as a self-contained HTML page that refreshes in a browser. It is aimed at system administrators, DevOps engineers, and security professionals. The way it works is straightforward. You point GoAccess at a log file, tell it what format the lines are in, and it parses each entry into structured stats: which pages were hit, who hit them, how much bandwidth was used, which requests were slowest, and how each virtual host on the server is being used. The terminal panels refresh every 200 milliseconds and the HTML dashboard every second, so the numbers track traffic in real time. It can also write a JSON or CSV report. GoAccess understands many common log formats out of the box, including Apache and Nginx Combined and Common Log Formats, Amazon CloudFront, Amazon S3, AWS Elastic Load Balancing, Google Cloud Storage, Apache virtual hosts, Squid native, W3C IIS, Caddy's JSON, and Traefik's CLF, and it accepts any custom format string. Extra features include tracking response time, mapping IPs to Autonomous System Numbers, incremental on-disk persistence, and WebSocket authentication using local or external JWT verification. Someone would use GoAccess for quick log analysis over SSH, to monitor traffic from the terminal, publish a live report, or spot brute-force attempts and bots. It is written in C, depends only on ncurses, ships its own WebSocket server, and runs on Linux, the BSDs, macOS, and Windows via Cygwin or WSL. The full README is longer than what was provided.

Copy-paste prompts

Prompt 1

How do I set up GoAccess to monitor my Nginx access logs in real-time on the command line?

Prompt 2

Show me how to generate an HTML report from my Apache access logs using GoAccess and view it in a browser.

Prompt 3

How can I use GoAccess to detect brute-force login attempts and suspicious traffic in my server logs?

Prompt 4

What's the fastest way to analyze a multi-gigabyte access log file with GoAccess and export the results as JSON?

Open on GitHub → Explain another repo

Generated 2026-05-21 · Model: sonnet-4-6 · Verify against the repo before relying on details.