Geoip2influx

A Python script that parses the nginx access.log and sends geolocation metrics and log metrics to InfluxDB.


For the linuxserver/letsencrypt Docker mod, see: https://github.com/gilbN/lsio-docker-mods/tree/master/letsencrypt/geoip2-nginx-stats


Usage

Environment variables:

These are the default values for all envs. Add the ones that differ on your system.

| Environment Variable | Example Value | Description |
| --- | --- | --- |
| NGINX_LOG_PATH | /config/log/nginx/access.log | Container path for the Nginx log file. Defaults to the example. |
| INFLUX_HOST | localhost | Host running InfluxDB. |
| INFLUX_HOST_PORT | 8086 | Optional, defaults to 8086. |
| INFLUX_DATABASE | geoip2influx | Optional, defaults to geoip2influx. |
| INFLUX_USER | root | Optional, defaults to root. |
| INFLUX_PASS | root | Optional, defaults to root. |
| GEO_MEASUREMENT | geoip2influx | InfluxDB measurement name for geohashes. Optional, defaults to the example. |
| LOG_MEASUREMENT | nginx_access_logs | InfluxDB measurement name for nginx logs. Optional, defaults to the example. |
| SEND_NGINX_LOGS | true | Set to false to disable nginx logs. Optional, defaults to true. |
| GEOIP2INFLUX_LOG_LEVEL | info | Sets the log level in geoip2influx.log. Use debug for verbose logging. Optional, defaults to info. |
| GEOIP2INFLUX_LOG_PATH | /config/log/geoip2influx/geoip2influx.log | Optional, defaults to the example. |
| INFLUX_RETENTION | 7d | Sets the retention for the database. Optional, defaults to the example. |
| INFLUX_SHARD | 1d | Sets the shard for the database. Optional, defaults to the example. |
| MAXMINDDB_LICENSE_KEY | xxxxxxx | Add your MaxMind licence key. |

MaxMind Geolite2

Default download location is /config/geoip2db/GeoLite2-City.mmdb

Get your licence key here: https://www.maxmind.com/en/geolite2/signup

InfluxDB

InfluxDB v2.x is not supported. Use v1.8x.

The InfluxDB database will be created automatically with the name you choose.

-e INFLUX_DATABASE=geoip2influx 

Docker

docker create \
  --name=geoip2influx \
  -e PUID=1000 \
  -e PGID=1000 \
  -e TZ=Europe/Oslo \
  -e INFLUX_HOST=<influxdb host> \
  -e INFLUX_HOST_PORT=<influxdb port> \
  -e MAXMINDDB_LICENSE_KEY=<license key> \
  -v /path/to/appdata/geoip2influx:/config \
  -v /path/to/nginx/accesslog/:/config/log/nginx/ \
  --restart unless-stopped \
  ghcr.io/gilbn/geoip2influx

Docker compose

version: "2.1"
services:
  geoip2influx:
    image: ghcr.io/gilbn/geoip2influx
    container_name: geoip2influx
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Europe/Oslo
      - INFLUX_HOST=<influxdb host>
      - INFLUX_HOST_PORT=<influxdb port>
      - MAXMINDDB_LICENSE_KEY=<license key>
    volumes:
      - /path/to/appdata/geoip2influx:/config
      - /path/to/nginx/accesslog/:/config/log/nginx/
    restart: unless-stopped

Grafana dashboard:

Grafana Dashboard Link

Needs the grafana-worldmap-panel


Sending Nginx log metrics

Nginx needs to be compiled with the geoip2 module: https://github.com/leev/ngx_http_geoip2_module

  1. Add the following to the http block in your nginx.conf file:

	geoip2 /config/geoip2db/GeoLite2-City.mmdb {
	    auto_reload 5m;
	    $geoip2_data_country_iso_code country iso_code;
	    $geoip2_data_city_name city names en;
	}

	log_format custom '$remote_addr - $remote_user [$time_local]'
	           '"$request" $status $body_bytes_sent'
	           '"$http_referer" $host "$http_user_agent"'
	           '"$request_time" "$upstream_connect_time"'
	           '"$geoip2_data_city_name" "$geoip2_data_country_iso_code"';

  2. Set the access log to use the custom log format:

	access_log /config/log/nginx/access.log custom;
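
What a line in the custom log_format above looks like and how to parse it strictly, as an added example (this is not geoip2influx's own parser; the regex, the parse_line function and the sample lines are constructed here). nginx joins the quoted pieces of log_format without separators, so several fields sit next to each other with no space between them.

```python
import ipaddress
import re

# Regex for the "custom" log_format above (written for this example).
# Quoted fields use [^"]* because nginx logs a literal '"' as \x22.
CUSTOM_RE = re.compile(
    r'^(?P<remote_addr>\S+) - (?P<remote_user>\S+) \[(?P<time_local>[^\]]+)\]'
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<body_bytes_sent>\d+)'
    r'"(?P<http_referer>[^"]*)" (?P<host>\S+) "(?P<http_user_agent>[^"]*)"'
    r'"(?P<request_time>[^"]*)" "(?P<upstream_connect_time>[^"]*)"'
    r'"(?P<city>[^"]*)" "(?P<country>[^"]*)"$'
)


def parse_line(line):
    """Return a dict of fields, or None if the line is not in the custom format."""
    m = CUSTOM_RE.match(line.rstrip("\n"))
    if m is None:
        return None
    fields = m.groupdict()
    try:
        # Only a literal IPv4/IPv6 address should reach a GeoIP lookup.
        fields["remote_addr"] = str(ipaddress.ip_address(fields["remote_addr"]))
    except ValueError:
        return None
    fields["status"] = int(fields["status"])
    fields["body_bytes_sent"] = int(fields["body_bytes_sent"])
    return fields


# Constructed sample lines (documentation address, not real traffic).
GOOD = ('203.0.113.7 - - [21/Jun/2020:10:15:32 +0200]"GET / HTTP/1.1" 200 612'
        '"-" example.com "Mozilla/5.0""0.004" "0.001""Oslo" "NO"')
# The same request logged by a format that lacks $host: rejected, not misparsed.
NO_HOST = GOOD.replace(' example.com ', ' ')
# A client-supplied quote arrives as \x22, so it cannot end the field early
# and inject a fake status or byte count.
ESCAPED_UA = GOOD.replace('Mozilla/5.0', r'x\x22 200 0\x22')

if __name__ == "__main__":
    for sample in (GOOD, NO_HOST, ESCAPED_UA):
        print(parse_line(sample))
```
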

Multiple log files

If you separate your nginx log files but want this script to parse all of them you can do the following:

As nginx can have multiple access log directives in a block, just add another one in the server block.

Example

	access_log /config/log/nginx/technicalramblings/access.log custom;
	access_log /config/log/nginx/access.log custom;

This will log the same lines to both files.

Then use the /config/log/nginx/access.log file in the NGINX_LOG_PATH variable.


Updates

21.06.20 - Added $host(domain) to the nginx log metrics. This will break your nginx logs parsing, as you need to update the custom log format.

06.06.20 - Added influx retention policy to try and mitigate max-values-per-tag limit exceeded errors.

  • -e INFLUX_RETENTION Default 30d
  • -e INFLUX_SHARD Default 2d
  • It will only add the retention policy if the database doesn't exist.

30.05.20 - Added logging. Use -e GEOIP2INFLUX_LOG_LEVEL to set the log level.

15.05.20 - Removed GEOIP2_KEY and GEOIP_DB_PATH variables. With commit https://github.com/linuxserver/docker-letsencrypt/commit/75b9685fdb3ec6edda590300f289b0e75dd9efd0 the letsencrypt container now natively supports downloading and updating (weekly) the GeoLite2-City database!


Adapted source: https://github.com/ratibor78/geostat

Open Source Agenda is not affiliated with "Geoip2influx" Project. README Source: GilbN/geoip2influx
License
MIT