DEV Community

Cover image for 👾 Server Access Logs with GoAccess
Anna Villarreal
Anna Villarreal Subscriber

Posted on

👾 Server Access Logs with GoAccess

Live HTML dashboards and bot detection

Part 1: Self-hosting on Jetson Orin Nano


👽 Jetson Orin Nano Web Server Follow-up 👽

Cool! Now that the mini web server is up and running, how can I see web traffic easily? I discovered GoAccess recently, which is a free and open source tool for checking out server logs in real time. There are two way to view it. At first I was happy to just see nicely-parsed server logs in the terminal. Ahhhh, organization! It gives you a bunch of interesting stuff to look at.

Here is what the terminal view looks like:

goaccess terminal view

Dats cool

You know, inviting traffic to a webserver invokes anxiety. Having half an idea of what is happening helps ease tension for sure. I was really excited to find this tool. You can open go access in the terminal to display different information with different views. I will leave the explaining to the official documentation found here: GoAccess Docs

But the web developer in me was super excited to find a very human-readable html version readily available. Using a reverse proxy through nginx, you can view all the stats on a web page locally. It also allows you to pick a theme and customize how the information is displayed. Be sure to check out the settings and chart options!

Here is what the html view produces:

goaccess html view

Stats for silly hoomins.

Idk about you, but this is my super exciting find for the day.

I think my next step is to connect an agent that reads the logs and alerts me on set parameters.

I'm interested to hear what tools all of you use to enhance web server monitoring?

What's the best agent for web analytics, in your opinion?

Top comments (13)

Collapse
 
circuit profile image
Rahul S

GoAccess real-time mode (the --real-time-html flag spins up a little WebSocket server so the dashboard updates live) is perfect for what you're after. One thing that'll jump out once you're on the open internet: a lot of that "traffic" isn't human — it's scanners hitting your raw IP for /wp-login.php, /.env and /.git/config within hours of going public, so the volume looks scarier than it actually is. GoAccess shows you volume and top paths but not intent, so for the alerting agent you're planning, a high 404-to-weird-path ratio per IP makes a cheap first rule, and enriching each source IP with a type/reputation lookup (datacenter vs residential vs known proxy) is what separates a real visitor from background noise. You can eyeball how any IP classifies at ipasis.com/scan while you tune your thresholds.

Collapse
 
annavi11arrea1 profile image
Anna Villarreal

Oh I like where your headed with that! Thanks for giving me something to chew on. And yeah - I was amazed at the bot activity. I saw them scanning, reaching for routes, testing them, looking for holes. They are ferocious. It really gives you the scope of the security problem at hand when you reach out into the wilderness and see all the things happening in real time, a sense of "internet activity reality".

It was wild at one point to put my sever live and within minutes, random routes being tested on the server. Just wild!

Collapse
 
hayrullahkar profile image
Hayrullah Kar

GoAccess is an absolute lifesaver, from the terminal dashboard to that clean HTML view! Running it on a Jetson Orin Nano is an awesome self-hosting setup.

For real-time log monitoring and alerts, definitely check out Fail2ban (great for instant bot banning) or a lightweight Prometheus + Grafana stack. Keep building!

Collapse
 
annavi11arrea1 profile image
Anna Villarreal

Yes I recently discovered fail2ban as well! Ill have to check out prometheus, thanks for the tip!

Collapse
 
technogamerz profile image
𝕋𝕙𝕖 𝕃𝕒𝕫𝕪 𝔾𝕚𝕣𝕝

Interesting perspective. One thing I appreciate about GoAccess is that it provides actionable insights directly from access logs without requiring a heavy monitoring stack. In environments where teams want quick visibility into traffic patterns, response status distribution, and potential anomalies, this approach can be surprisingly effective. Nice walkthrough of the setup process and reporting capabilities.

Collapse
 
annavi11arrea1 profile image
Anna Villarreal

Thanks for your comment! I really appreciate this tool. I think monitoring is super important to avoid problems. This was an excellent find. I am so thankful for open source. ✨️

Collapse
 
unitbuilds profile image
UnitBuilds

Ngl, this is finding a little hidden gem. You'd be amazed how much cool stuff exists that people just havent noticed yet!

Collapse
 
nazar-boyko profile image
Nazar Boyko

GoAccess in real time is such a nice first look at what's actually hitting a server. On the agent idea, I'd be a little careful pointing an LLM at the raw log stream, since most of those lines are bots poking at /wp-login and /.env, and paying a model to read each one gets noisy and pricey fast. The alerting part is better handled by plain rules, like fail2ban for the obvious scanners and a simple threshold on error rates. Where an agent actually earns its keep is the weekly "anything weird I should look at" summary, where you want judgment instead of a fixed trigger.

Collapse
 
annavi11arrea1 profile image
Anna Villarreal

Yes exactly, perhaps it can notice patterns emerging over time that may be of interest. Im curious to see what would be reported over a given span of time. I definitely don't want a bunch of pointless noise. And I would definitely not pay for a service for my small use case. But I would push free models as far as I can! Haha. My shenanigans limited to personal endevours. Your tips are appreciated!

I know very well about the expense part. I played with n8n, gemini, and a (fake) database and lost. 😂 that's something you only do once. 😂😂😅😶‍🌫️

Collapse
 
voltagegpu profile image
VoltageGPU

Interesting setup using a Jetson Orin Nano as a web server — I've worked with similar edge devices for GPU-accelerated workloads. Using GoAccess for real-time log analysis is a solid choice, especially when keeping an eye on performance and security in constrained environments. If you're planning to scale this further, you might want to look into containerizing the service for easier deployment and resource isolation.

Collapse
 
annavi11arrea1 profile image
Anna Villarreal

For containerization, are you referring to something like docker? I guess I had this wild idea that I was going to have a bunch of "mini" servers eventually. I find the idea entertaining, and I would get to hone some networking skills. And when you say service do you mean something like, have a dedicated ollama-only unit? I considered that. I thought it would be cool to have like three different agents that I can connect to, all hosted on physically separated hardware. I'm small potatoes over here. I suppose if I had a problem where I had to scale up, it would be the best problem to have. hahaha.

(Steps away slowly knowing that a managed switch will likely have to come into the picture soon... 😅)

Collapse
 
furqan_ashraf_07df2e7ef3a profile image
Furqan Ashraf

The bot scanning you described is very real. Going live and watching random routes get tested within minutes is eye opening.
For the IP enrichment side, you can use the IP Locator API from APIFreaks. It returns useful data per IP like whether it is a datacenter, residential, proxy, or Tor exit node. APIFreaks is an API hub with 60+ production-ready APIs, and IP Locator is one of their inhouse APIs. That single signal helps you cut a lot of noise from your alerting rules without needing a full agent setup. You can enrich each suspicious IP from your GoAccess logs and build smarter thresholds around it.
Might be worth checking out before you go the LLM route for alerting.

Collapse
 
annavi11arrea1 profile image
Anna Villarreal

Thank you for bringing that up. Everything is so AI-ified. I would be genuinly curious to investigate without AI. Perhaps I set them both up and run them in parallel to compare results. Thats an interesting idea.