GoAccess实时分析Nginx日志

GoAccess 是一个基于终端的实时 Web 日志分析仪。用 C 语言编写，它是快速，互动的，并以优雅而直观的方式显示日志。它提供了各种 Web 日志文件的支持，包括 Apache，Nginx，Caddy，Amazon S3 和 CloudFront，仅提及几个。它可以以 HTML 格式，JSON 渲染结果，还可以生成 CSV 报告。

1. 目录准备

存放goaccess.conf配置文件

mkdir -p /usr/local/goaccess/data

存放goaccess生成分析html

mkdir -p /usr/local/goaccess/html

2. 启动nginx

nginx中添加配置，监听7891端口

    server {
        listen      7891;
        server_name  dev.lettin.cn 114.55.42.227;
        location / {
            root   /usr/share/nginx/html;
            index  index.html;
        }
    }

docker run -d --net=host --name=nginx -v /usr/local/goaccess/html:/usr/share/nginx/html --restart=always nginx

找到日志nginx文件

我使用的docker方式运行nginx，所用是前台启动，nginx输出在控制台，需要找到docker 容器的日志文件（nginx为容器名）：

docker inspect --format='{{.LogPath}}' nginx

注意：每次docker run都会生成新的容器，日志文件路径会改变
在这里插入图片描述

3. 安装GoAccess（docker版）

goaccess.conf配置准备

放/usr/local/goaccess/data目录下
goaccess.conf配置文件下载地址：https://github.com/allinurl/goaccess/blob/master/config/goaccess.conf

需要修改的内容如下

time-format %H:%M:%S

date-format %d/%b/%Y

log-format %h %^ %^ [%d:%t %^] "%r" %^ %s %b "%R" "%u" "%^" "%T"

下面是我配好的（复制可用）

######################################
# Time Format Options (required)
######################################
#
# The hour (24-hour clock) [00,23]; leading zeros are permitted but not required.
# The minute [00,59]; leading zeros are permitted but not required.
# The seconds [00,60]; leading zeros are permitted but not required.
# See `man strftime` for more details
#
# The following time format works with any of the
# Apache/NGINX's log formats below.
#
time-format %H:%M:%S
#
# Google Cloud Storage or
# The time in microseconds since the Unix epoch.
#
#time-format %f

# Squid native log format
#
#time-format %s

######################################
# Date Format Options (required)
######################################
#
# The date-format variable followed by a space, specifies
# the log format date containing any combination of regular
# characters and special format specifiers. They all begin with a
# percentage (%) sign. See `man strftime`
#
# The following date format works with any of the
# Apache/NGINX's log formats below.
#
date-format %d/%b/%Y
#
# AWS | Amazon CloudFront (Download Distribution)
# AWS | Elastic Load Balancing
# W3C (IIS)
#
#date-format %Y-%m-%d
#
# Google Cloud Storage or
# The time in microseconds since the Unix epoch.
#
#date-format %f

# Squid native log format
# Caddy
#
#date-format %s

######################################
# Date/Time Format Option
######################################
#
# The datetime-format variable followed by a space, specifies
# the log format date and time containing any combination of regular
# characters and special format specifiers. They all begin with a
# percentage (%) sign. See `man strftime`
#
# This gives the ability to get the timezone from a request and
# convert it to another timezone for output. See --tz=<timezone> in
# the man page.
#
#datetime-format %d/%b/%Y:%H:%M:%S %z

######################################
# Log Format Options (required)
######################################
#
# The log-format variable followed by a space or \t for
# tab-delimited, specifies the log format string.
#
# NOTE: If the time/date is a timestamp in seconds or microseconds
# %x must be used instead of %d & %t to represent the date & time.

# NCSA Combined Log Format
#log-format %h %^[%d:%t %^] "%r" %s %b "%R" "%u"
log-format {"log":"%h %^[%d:%t %^] \""%m %U %H %s %b "%R" "%u"}

# NCSA Combined Log Format with Virtual Host
#log-format %v:%^ %h %^[%d:%t %^] "%r" %s %b "%R" "%u"

# Common Log Format (CLF)
#log-format %h %^[%d:%t %^] "%r" %s %b

# Common Log Format (CLF) with Virtual Host
#log-format %v:%^ %h %^[%d:%t %^] "%r" %s %b

# W3C
#log-format %d %t %h %^ %^ %^ %^ %r %^ %s %b %^ %^ %u %R

# Squid native log format
#log-format %^ %^ %^ %v %^: %x.%^ %~%L %h %^/%s %b %m %U

# AWS | Amazon CloudFront (Download Distribution)
#log-format %d\t%t\t%^\t%b\t%h\t%m\t%^\t%r\t%s\t%R\t%u\t%^

# Google Cloud Storage
#log-format "%x","%h",%^,%^,"%m","%U","%s",%^,"%b","%D",%^,"%R","%u"

# AWS | Elastic Load Balancing
#log-format %dT%t.%^ %^ %h:%^ %^ %T %^ %^ %^ %s %^ %b "%r" "%u"

# AWSS3 | Amazon Simple Storage Service (S3)
#log-format %^[%d:%t %^] %h %^"%r" %s %^ %b %^ %L %^ "%R" "%u"

# Virtualmin Log Format with Virtual Host
#log-format %h %^ %v %^[%d:%t %^] "%r" %s %b "%R" "%u"

# Kubernetes Nginx Ingress Log Format
#log-format %^ %^ [%h] %^ %^ [%d:%t %^] "%r" %s %b "%R" "%u" %^ %^ [%v] %^:%^ %^ %T %^ %^

# CADDY JSON Structured
#log-format {ts:"%x.%^",request:{remote_ip:"%h",proto:"%H",method:"%m",host:"%v",uri:"%U",headers:{"User-Agent":["%u","%^"]},tls:{cipher_suite:"%k",proto:"%K"}},duration:"%T",size:"%b",status:"%s",resp_headers:{"Content-Type":["%M;%^"]}}

# In addition to specifying the raw log/date/time formats, for
# simplicity, any of the following predefined log format names can be
# supplied to the log/date/time-format variables. GoAccess  can  also
# handle  one  predefined name in one variable and another predefined
# name in another variable.
#
#log-format COMBINED
#log-format VCOMBINED
#log-format COMMON
#log-format VCOMMON
#log-format W3C
#log-format SQUID
#log-format CLOUDFRONT
#log-format CLOUDSTORAGE
#log-format AWSELB
#log-format AWSS3
#log-format CADDY

######################################
# UI Options
######################################

# Choose among color schemes
# 1 : Monochrome
# 2 : Green
# 3 : Monokai (if 256-colors supported)
#
#color-scheme 3

# Prompt log/date configuration window on program start.
#
config-dialog false

# Color highlight active panel.
#
hl-header true

# Specify a custom CSS file in the HTML report.
#
#html-custom-css /path/file.css

# Specify a custom JS file in the HTML report.
#
#html-custom-js /path/file.js

# Set default HTML preferences.
#
# NOTE: A valid JSON object is required.
# DO NOT USE A MULTILINE JSON OBJECT.
# The parser will only parse the value next to `html-prefs` (single line)
# It allows the ability to customize each panel plot. See example below.
#
#html-prefs {"theme":"bright","perPage":5,"layout":"horizontal","showTables":true,"visitors":{"plot":{"chartType":"bar"}}}

# Set HTML report page title and header.
#
#html-report-title My Awesome Web Stats

# Format JSON output using tabs and newlines.
#
json-pretty-print false

# Turn off colored output. This is the  default output on
# terminals that do not support colors.
# true  : for no color output
# false : use color-scheme
#
no-color false

# Don't write column names in the terminal output. By default, it displays
# column names for each available metric in every panel.
#
no-column-names false

# Disable summary metrics on the CSV output.
#
no-csv-summary false

# Disable progress metrics.
#
no-progress false

# Disable scrolling through panels on TAB.
#
no-tab-scroll false

# Disable progress metrics and parsing spinner.
#
#no-parsing-spinner true

# Do not show the last updated field displayed in the HTML generated report.
#
#no-html-last-updated true

# Outputs the report date/time data in the given timezone. Note that it
# uses the canonical timezone name. See --datetime-format in order to
# properly specify a timezone in the date/time format.
#
#tz Europe/Berlin

# Enable mouse support on main dashboard.
#
with-mouse false

# Maximum number of items to show per panel.
# Note: Only the CSV and JSON outputs allow a maximum greater than the
# default value of 366.
#
#max-items 366

# Custom colors for the terminal output
# Tailor GoAccess to suit your own tastes.
#
# Color Syntax:
# DEFINITION space/tab colorFG#:colorBG# [[attributes,] PANEL]
#
# FG# = foreground color number [-1...255] (-1 = default terminal color)
# BG# = background color number [-1...255] (-1 = default terminal color)
#
# Optionally:
#
# It is possible to apply color attributes, such as:
# bold,underline,normal,reverse,blink.
# Multiple attributes are comma separated
#
# If desired, it is possible to apply custom colors per panel, that is, a
# metric in the REQUESTS panel can be of color A, while the same metric in the
# BROWSERS panel can be of color B.
#
# The following is a 256 color scheme (hybrid palette)
#
#color COLOR_MTRC_HITS              color110:color-1
#color COLOR_MTRC_VISITORS          color173:color-1
#color COLOR_MTRC_DATA              color221:color-1
#color COLOR_MTRC_BW                color167:color-1
#color COLOR_MTRC_AVGTS             color143:color-1
#color COLOR_MTRC_CUMTS             color247:color-1
#color COLOR_MTRC_MAXTS             color186:color-1
#color COLOR_MTRC_PROT              color109:color-1
#color COLOR_MTRC_MTHD              color139:color-1
#color COLOR_MTRC_HITS_PERC         color186:color-1
#color COLOR_MTRC_HITS_PERC_MAX     color139:color-1
#color COLOR_MTRC_HITS_PERC_MAX     color139:color-1 VISITORS
#color COLOR_MTRC_HITS_PERC_MAX     color139:color-1 OS
#color COLOR_MTRC_HITS_PERC_MAX     color139:color-1 BROWSERS
#color COLOR_MTRC_HITS_PERC_MAX     color139:color-1 VISIT_TIMES
#color COLOR_MTRC_VISITORS_PERC     color186:color-1
#color COLOR_MTRC_VISITORS_PERC_MAX color139:color-1
#color COLOR_PANEL_COLS             color243:color-1
#color COLOR_BARS                   color250:color-1
#color COLOR_ERROR                  color231:color167
#color COLOR_SELECTED               color7:color167
#color COLOR_PANEL_ACTIVE           color7:color237
#color COLOR_PANEL_HEADER           color250:color235
#color COLOR_PANEL_DESC             color242:color-1
#color COLOR_OVERALL_LBLS           color243:color-1
#color COLOR_OVERALL_VALS           color167:color-1
#color COLOR_OVERALL_PATH           color186:color-1
#color COLOR_ACTIVE_LABEL           color139:color235 bold underline
#color COLOR_BG                     color250:color-1
#color COLOR_DEFAULT                color243:color-1
#color COLOR_PROGRESS               color7:color110

######################################
# Server Options
######################################

# Specify IP address to bind server to.
#
#addr 0.0.0.0

# Run GoAccess as daemon (if --real-time-html enabled).
#
#daemonize false

# Ensure clients send the specified origin header upon the WebSocket
# handshake.
#
#origin http://example.org

# The port to which the connection is being attempted to connect.
# By default GoAccess' WebSocket server listens on port 7890
# See man page or http://gwsocket.io for details.
#
#port 7890

# Write the PID to a file when used along the daemonize option.
#
#pid-file /var/run/goaccess.pid

# Enable real-time HTML output.
#
#real-time-html true

# Path to TLS/SSL certificate.
# Note that ssl-cert and ssl-key need to be used to enable TLS/SSL.
#
#ssl-cert /path/ssl/domain.crt

# Path to TLS/SSL private key.
# Note that ssl-cert and ssl-key need to be used to enable TLS/SSL.
#
#ssl-key /path/ssl/domain.key

# URL to which the WebSocket server responds. This is the URL supplied
# to the WebSocket constructor on the client side.
#
# Optionally, it is possible to specify the WebSocket URI scheme, such as ws://
# or wss:// for unencrypted and encrypted connections.
# e.g., ws-url wss://goaccess.io
#
# If GoAccess is running behind a proxy, you could set the client side
# to connect to a different port by specifying the host followed by a
# colon and the port.
# e.g., ws-url goaccess.io:9999
#
# By default, it will attempt to connect to localhost. If GoAccess is
# running on a remote server, the host of the remote server should be
# specified here. Also, make sure it is a valid host and NOT an http
# address.
#
#ws-url goaccess.io

# Path to read named pipe (FIFO).
#
#fifo-in /tmp/wspipein.fifo

# Path to write named pipe (FIFO).
#
#fifo-out /tmp/wspipeout.fifo

######################################
# File Options
######################################

# Specify the path to the input log file. If set, it will take
# priority over -f from the command line.
#
#log-file /var/log/apache2/access.log

# Send all debug messages to the specified file.
#
#debug-file debug.log

# Specify a custom configuration file to use. If set, it will take
# priority over the global configuration file (if any).
#
#config-file <filename>

# Log invalid requests to the specified file.
#
#invalid-requests <filename>

# Do not load the global configuration file.
#
#no-global-config false

######################################
# Parse Options
######################################

# Enable a list of user-agents by host. For faster parsing, do not
# enable this flag.
#
agent-list false

#  Enable IP resolver on HTML|JSON|CSV output.
#
with-output-resolver false

# Exclude an IPv4 or IPv6 from being counted.
# Ranges can be included as well using a dash in between
# the IPs (start-end).
#
#exclude-ip 127.0.0.1
#exclude-ip 192.168.0.1-192.168.0.100
#exclude-ip ::1
#exclude-ip 0:0:0:0:0:ffff:808:804-0:0:0:0:0:ffff:808:808

# Include HTTP request method if found. This will create a
# request key containing the request method + the actual request.
#
# <yes|no> [default: yes]
#
http-method yes

# Include HTTP request protocol if found. This will create a
# request key containing the request protocol + the actual request.
#
# <yes|no> [default: yes]
#
http-protocol yes

# Write  output to stdout given one of the following files and the
# corresponding extension for the output format:
#
# /path/file.csv  - Comma-separated values (CSV)
# /path/file.json - JSON (JavaScript Object Notation)
# /path/file.html - HTML
#
# output /path/file.html

# Ignore request's query string.
# i.e.,  www.google.com/page.htm?query => www.google.com/page.htm
#
# Note: Removing the query string can greatly decrease memory
# consumption, especially on timestamped requests.
#
no-query-string false

# Disable IP resolver on terminal output.
#
no-term-resolver false

# Treat non-standard status code 444 as 404.
#
444-as-404 false

# Add 4xx client errors to the unique visitors count.
#
4xx-to-unique-count false

# IP address anonymization
# The IP anonymization option sets the last octet of IPv4 user IP addresses and
# the last 80 bits of IPv6 addresses to zeros.
# e.g., 192.168.20.100 => 192.168.20.0
# e.g., 2a03:2880:2110:df07:face:b00c::1 => 2a03:2880:2110:df07::
#
#anonymize-ip false

# Include static files that contain a query string in the static files
# panel.
# e.g., /fonts/fontawesome-webfont.woff?v=4.0.3
#
all-static-files false

# Include an additional delimited list of browsers/crawlers/feeds etc.
# See config/browsers.list for an example or
# https://raw.githubusercontent.com/allinurl/goaccess/master/config/browsers.list
#
#browsers-file <filename>

# Date specificity. Possible values: `date` (default), or `hr` or `min`.
#
#date-spec hr|min

# Decode double-encoded values.
#
double-decode false

# Enable parsing/displaying the given panel.
#
#enable-panel VISITORS
#enable-panel REQUESTS
#enable-panel REQUESTS_STATIC
#enable-panel NOT_FOUND
#enable-panel HOSTS
#enable-panel OS
#enable-panel BROWSERS
#enable-panel VISIT_TIMES
#enable-panel VIRTUAL_HOSTS
#enable-panel REFERRERS
#enable-panel REFERRING_SITES
#enable-panel KEYPHRASES
#enable-panel STATUS_CODES
#enable-panel REMOTE_USER
#enable-panel CACHE_STATUS
#enable-panel GEO_LOCATION
#enable-panel MIME_TYPE
#enable-panel TLS_TYPE

# Hide a referrer but still count it. Wild cards are allowed. i.e., *.bing.com
#
#hide-referrer *.google.com
#hide-referrer bing.com

# Hour specificity. Possible values: `hr` (default), or `min` (tenth
# of a minute).
#
#hour-spec min

# Ignore crawlers from being counted.
# This will ignore robots listed under browsers.c
# Note that it will count them towards the total
# number of requests, but excluded from any of the panels.
#
ignore-crawlers false

# Parse and display crawlers only.
# This will ignore all hosts except robots listed under browsers.c
# Note that it will count them towards the total
# number of requests, but excluded from any of the panels.
#
crawlers-only false

# Unknown browsers and OS are considered as crawlers
#
unknowns-as-crawlers false

# Ignore static file requests.
# req : Only ignore request from valid requests
# panels : Ignore request from panels.
# Note that it will count them towards the total number of requests
# ignore-statics req

# Ignore parsing and displaying the given panel.
#
#ignore-panel VISITORS
#ignore-panel REQUESTS
#ignore-panel REQUESTS_STATIC
#ignore-panel NOT_FOUND
#ignore-panel HOSTS
#ignore-panel OS
#ignore-panel BROWSERS
#ignore-panel VISIT_TIMES
#ignore-panel VIRTUAL_HOSTS
ignore-panel REFERRERS
#ignore-panel REFERRING_SITES
ignore-panel KEYPHRASES
#ignore-panel STATUS_CODES
#ignore-panel REMOTE_USER
#ignore-panel CACHE_STATUS
#ignore-panel GEO_LOCATION
#ignore-panel MIME_TYPE
#ignore-panel TLS_TYPE

# Ignore referrers from being counted.
# This supports wild cards. For instance,
# '*' matches 0 or more characters (including spaces)
# '?' matches exactly one character
#
#ignore-referrer *.domain.com
#ignore-referrer ww?.domain.*

# Ignore parsing and displaying one or multiple status code(s)
#
#ignore-status 400
#ignore-status 502

# Keep the last specified number of days in storage. This will recycle the
# storage tables. e.g., keep & show only the last 7 days.
#
# keep-last 7

# Disable client IP validation. Useful if IP addresses have been
# obfuscated before being logged.
#
# no-ip-validation true

# Number of lines from the access log to test against the provided
# log/date/time format. By default, the parser is set to test 10
# lines. If set to 0, the parser won't test  any  lines and will parse
# the whole access log.
#
#num-tests 10

# Parse log and exit without outputting data.
#
#process-and-exit false

# Display real OS names. e.g, Windows XP, Snow Leopard.
#
real-os true

# Sort panel on initial load.
# Sort options are separated by comma.
# Options are in the form: PANEL,METRIC,ORDER
#
# Available metrics:
#  BY_HITS     - Sort by hits
#  BY_VISITORS - Sort by unique visitors
#  BY_DATA     - Sort by data
#  BY_BW       - Sort by bandwidth
#  BY_AVGTS    - Sort by average time served
#  BY_CUMTS    - Sort by cumulative time served
#  BY_MAXTS    - Sort by maximum time served
#  BY_PROT     - Sort by http protocol
#  BY_MTHD     - Sort by http method
# Available orders:
#  ASC
#  DESC
#
#sort-panel VISITORS,BY_DATA,ASC
#sort-panel REQUESTS,BY_HITS,ASC
#sort-panel REQUESTS_STATIC,BY_HITS,ASC
#sort-panel NOT_FOUND,BY_HITS,ASC
#sort-panel HOSTS,BY_HITS,ASC
#sort-panel OS,BY_HITS,ASC
#sort-panel BROWSERS,BY_HITS,ASC
#sort-panel VISIT_TIMES,BY_DATA,DESC
#sort-panel VIRTUAL_HOSTS,BY_HITS,ASC
#sort-panel REFERRERS,BY_HITS,ASC
#sort-panel REFERRING_SITES,BY_HITS,ASC
#sort-panel KEYPHRASES,BY_HITS,ASC
#sort-panel STATUS_CODES,BY_HITS,ASC
#sort-panel REMOTE_USER,BY_HITS,ASC
#sort-panel CACHE_STATUS,BY_HITS,ASC
#sort-panel GEO_LOCATION,BY_HITS,ASC
#sort-panel MIME_TYPE,BY_HITS,ASC
#sort-panel TLS_TYPE,BY_HITS,ASC

# Consider the following extensions as static files
# The actual '.' is required and extensions are case sensitive
# For a full list, uncomment the less common static extensions below.
#
static-file .css
static-file .js
static-file .jpg
static-file .png
static-file .gif
static-file .ico
static-file .jpeg
static-file .pdf
static-file .csv
static-file .mpeg
static-file .mpg
static-file .swf
static-file .woff
static-file .woff2
static-file .xls
static-file .xlsx
static-file .doc
static-file .docx
static-file .ppt
static-file .pptx
static-file .txt
static-file .zip
static-file .ogg
static-file .mp3
static-file .mp4
static-file .exe
static-file .iso
static-file .gz
static-file .rar
static-file .svg
static-file .bmp
static-file .tar
static-file .tgz
static-file .tiff
static-file .tif
static-file .ttf
static-file .flv
static-file .dmg
static-file .xz
static-file .zst
#static-file .less
#static-file .ac3
#static-file .avi
#static-file .bz2
#static-file .class
#static-file .cue
#static-file .dae
#static-file .dat
#static-file .dts
#static-file .ejs
#static-file .eot
#static-file .eps
#static-file .img
#static-file .jar
#static-file .map
#static-file .mid
#static-file .midi
#static-file .ogv
#static-file .webm
#static-file .mkv
#static-file .odp
#static-file .ods
#static-file .odt
#static-file .otf
#static-file .pict
#static-file .pls
#static-file .ps
#static-file .qt
#static-file .rm
#static-file .svgz
#static-file .wav
#static-file .webp

######################################
# GeoIP Options
# Only if configured with --enable-geoip
######################################

# To feed a database either through GeoIP Legacy or GeoIP2, you need to use the
# geoip-database flag below.
#
# === GeoIP Legacy
# Legacy GeoIP has been discontinued. If your GNU+Linux distribution does not ship
# with the legacy databases, you may still be able to find them through
# different sources. Make sure to download the .dat files.
#
# Distributed with Creative Commons Attribution-ShareAlike 4.0 International License.
# https://mailfud.org/geoip-legacy/

# IPv4 Country database:
# Download the GeoIP.dat.gz
# gunzip GeoIP.dat.gz
#
# IPv4 City database:
# Download the GeoIPCity.dat.gz
# gunzip GeoIPCity.dat.gz

# Standard GeoIP database for less memory usage (GeoIP Legacy).
#
#std-geoip false

# === GeoIP2
# For GeoIP2 databases, you can use DB-IP Lite databases.
# DB-IP is licensed under a Creative Commons Attribution 4.0 International License.
# https://db-ip.com/db/lite.php

# Or you can download them from MaxMind
# https://dev.maxmind.com/geoip/geoip2/geolite2/

# For GeoIP2 City database:
# Download the GeoLite2-City.mmdb.gz
# gunzip GeoLite2-City.mmdb.gz
#
# For GeoIP2 Country database:
# Download the GeoLite2-Country.mmdb.gz
# gunzip GeoLite2-Country.mmdb.gz
#
#geoip-database /usr/local/share/GeoIP/GeoLiteCity.dat

######################################
# Persistence Options
######################################

# Path where the persisted database files are stored on disk.
# The default value is the /tmp directory.
#db-path /tmp

# Persist parsed data into disk.
#persist true

# Load previously stored data from disk.
# Database files need to exist. See `persist`.
#restore true

启动GoAccess

注意挂载的日志文件

docker run -d -p 7890:7890 -m 200m\
	-v /usr/local/goaccess/data:/srv/data \
	-v /usr/local/goaccess/html:/srv/report \
	-v `docker inspect --format='{{.LogPath}}' nginx`:/srv/logs/access.log \
	--name=goaccess allinurl/goaccess --no-global-config \
	--config-file=/srv/data/goaccess.conf \
	--output=/srv/report/index.html \
	--log-file=/srv/logs/access.log \
	--real-time-html

打开页面

在这里插入图片描述
不断的刷新，界面上的数据值也会进行实时变化。

4.附录

日志格式：日志格式变量后需要跟一个空格或\t制表符分隔符，指定日志格式字符串。

特殊字符所代表的含义

%x：与时间格式和日期格式变量匹配的日期和时间字段。当时间戳而不是将日期和时间放在两个单独的变量中时，使用此方法；
%t：与时间格式变量匹配的时间字段；
%d：匹配日期格式变量的日期字段；
%v：根据规范名称设置的服务器名称（服务器块或虚拟主机）；
%e：请求文档时，由 HTTP 验证决定的用户 ID；
%h：主机（客户端IP地址，IPv4 或 IPv6）
%r：客户端的请求行。这就请求的特定分隔符（单引号，双引号等）是可解析的。否则需使用特殊的格式说明符，例如：%m，%U，%q和%H解析各个字段，既可以使用 %r 获取完整的请求，也可以使用 %m, %U, %q and %H 去组合你的请求，但是不能同时使用。
%m：请求方法；
%U：请求URL路径，如果查询字符串在%U中，无需使用%q。如果URL路径不包含任何查询字符串，则使用%q，查询字符串将附加到请求中；
%q：查询字符串；
%H：请求协议；
%s：服务器发送回客户端的状态代码；
%b：返回给客户端对象的大小；
%R：HTTP 请求的 “Referer” 值；
%u：HTTP 请求的 “UserAgent” 值；
%D：处理请求所花费的时间（以微秒为单位）；
%T：处理请求所花费的时间（以毫秒为单位）；
%L ：处理请求所花费的时间（以十进制数毫秒为单位）；
%^：忽略此字段；
%~：向前移动日志字符串，直到找到非空格（！isspace）字符；
~h：X-Forwarded-For（XFF）字段中的主机（客户端IP地址，IPv4或IPv6）。

goaccess的html面板解析

General Statistics：此面板提供了几个指标的摘要，其中一些包括：有效和无效请求的数量，分析数据集所花费的时间，唯一访问者，请求的文件，静态文件（CSS，ICO，JPG等）HTTP引用，404s，已解析日志文件的大小和带宽消耗。
Unique visitors：此面板显示点击次数，唯一身份访问者和每个日期的累积带宽等指标。包含相同IP，相同日期和相同用户代理的HTTP请求被视为唯一访问者。默认情况下，它包括网络爬虫/蜘蛛。可以使用–date-spec = hr将日期特异性设置为小时级别，这将显示日期，例如05 / Jun / 2016：16。如果您想跟踪小时级别的每日流量，这非常棒。
Requested files：此面板显示Web服务器上请求最多的文件。它显示了匹配，唯一身份访问者和百分比，以及累积带宽，协议和使用的请求方法。
Requested static files：列出了最常用静态文件，如：JPG，CSS，SWF，JS，GIF，和PNG文件类型，使用相同的指标作为最后的面板一起。可以将其他静态文件添加到配置文件中。
404 or Not Found：显示与先前请求面板相同的指标，但是，其数据包含在服务器上找不到的所有页面，或通常称为404状态代码。
Hosts：此面板包含有关主机本身的详细信息。这非常适合发现×××性爬虫，并确定谁在吃你的带宽。扩展面板可以显示更多信息，例如主机的反向DNS查找结果，原产国和城市。如果-a启用了参数，则可以通过选择所需的IP地址，然后按Enter来显示用户代理列表。
Operating Systems：此面板将报告主机在到达服务器时使用的操作系统。它试图提供每个操作系统的最具体版本。
Browsers：此面板将报告主机在访问服务器时使用的浏览器。它试图提供每个浏览器的最具体版本。
Visit Times：此面板将显示每小时报告。此选项显示24个数据点，每天一小时一个。可选地，可以使用–hour-spec = min将小时特异性设置为十分之一水平，这将显示小时为16：4如果您想要发现服务器上的流量峰值，这很好。
Virtual Hosts：此面板将显示从访问日志中解析的所有不同虚拟主机。如果在日志格式字符串中使用％v，则会显示此面板。
Referrers URLs：如果相关主机通过其他资源访问了网站，或者是从其他主机链接/转移给您，则会在此面板中提供引用它们的网址。请参阅--ignore-panel配置文件以启用它。（默认禁用）
Referring Sites：此面板仅显示主机部分，但不显示整个URL。请求来自的URL。
Keyphrases：它报告了用于Google搜索，Google缓存和Google翻译的关键字，这些关键字已导致您的网络服务器。目前，它仅通过HTTP支持Google搜索查询。请参阅--ignore-panel配置文件以启用它。（默认禁用）
Geo Location：确定IP地址在地理位置的位置。统计数据按大陆和国家分列。它需要使用GeoLocation支持进行编译。
HTTP Status Codes：HTTP请求的数字状态代码的值。
Remote User (HTTP authentication)：这是HTTP身份验证确定的请求文档的人员的用户ID。如果文档没有密码保护，则此部分将为“ - ”，就像前一个部分一样。除非%e在log-format变量中给出，否则不会启用此面板。