Copies nginx access log file entries into a SQLite database and optionally adds firewall rules to reject malicious HTTP requests. The rules used to detect malicious requests are configured using a simple grammar; see sample.json and rule.go.
Only a fixed nginx access log format is supported. Start the program to see the required log format.
The program is intended to be used on Linux servers.
- Install the required go version (see go.mod).
- Set CGO_ENABLED=1 and install gcc (required to build sqlite).
- go build
- For an example setup on Windows WSL, see below.
- wsl --update
- wsl --install -d Ubuntu-24.04 --name ubuntu-dev
- cd
- sudo apt update
- sudo apt upgrade
- sudo apt install build-essential
Note: no other process should listen on port 80
- sudo apt install nginx
- sudo nano /etc/nginx/nginx.conf
  log_format noreferer '$remote_addr - $remote_user [$time_local] $msec "$request" $request_length $status $body_bytes_sent $request_time "$http_user_agent"';
  access_log /var/log/nginx/access.log noreferer;
- sudo nginx -t
- sudo nginx -s reload
- curl localhost
- sudo cat /var/log/nginx/access.log
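To show what a line in the `noreferer` format above carries, here is a strict parser for it. This is an added example, not the parser goaccesslog itself uses. The `Entry` type, `ParseLine`, and the sample line are constructed for illustration. `$request` and `$http_user_agent` are client-controlled, but nginx's default log escaping writes a `"` as `\x22`, so matching the quoted fields with `[^"]*` and anchoring the pattern at both ends is enough to keep a request from shifting the fields.

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
	"time"
)

// Entry holds one parsed line; the field names are this example's own.
type Entry struct {
	RemoteAddr, RemoteUser, Request, UserAgent string
	Time                                       time.Time
	Status, RequestLength, BodyBytesSent       int64
	RequestTime                                float64
}

// One group per log_format variable; $time_local is skipped in favour of $msec.
var lineRe = regexp.MustCompile(`^(\S+) - (\S+) \[[^\]]+\] (\d+)\.(\d{3}) ` +
	`"([^"]*)" (\d+) (\d{3}) (\d+) (\d+\.\d+) "([^"]*)"$`)

// ParseLine accepts a line only if it matches the whole format, anchored at both ends.
func ParseLine(line string) (Entry, error) {
	m := lineRe.FindStringSubmatch(line)
	if m == nil {
		return Entry{}, fmt.Errorf("not in noreferer format: %q", line)
	}
	var err, ferr error
	num := func(s string) int64 {
		n, perr := strconv.ParseInt(s, 10, 64)
		if perr != nil {
			err = perr
		}
		return n
	}
	e := Entry{RemoteAddr: m[1], RemoteUser: m[2], Request: m[5], UserAgent: m[10]}
	e.Time = time.Unix(num(m[3]), num(m[4])*int64(time.Millisecond)).UTC()
	e.RequestLength, e.Status, e.BodyBytesSent = num(m[6]), num(m[7]), num(m[8])
	if e.RequestTime, ferr = strconv.ParseFloat(m[9], 64); ferr != nil {
		err = ferr
	}
	return e, err
}

func main() {
	// Constructed sample line, not taken from a real server.
	e, err := ParseLine(`203.0.113.7 - - [12/May/2025:10:15:30 +0200] 1747037730.123 "GET / HTTP/1.1" 78 200 615 0.000 "curl/8.5.0"`)
	fmt.Println(e.Time, e.Status, e.Request, e.UserAgent, err)
}
```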
- curl https://dl.google.com/go/go1.24.3.linux-amd64.tar.gz >go.tar.gz
- gunzip go.tar.gz
- tar xf go.tar
- sudo rm -rf /usr/local/go
- sudo mv go /usr/local/
- rm go.tar
- export PATH=$PATH:/usr/local/go/bin
- go version
- git clone https://github.com/nylssoft/goaccesslog.git
- cd goaccesslog
- export CGO_ENABLED=1
- go build
- code .
- sudo ./goaccesslog -config configs/sample.json
- sudo cat /var/log/goaccesslog.log
Start new bash
- cd
- curl https://www.sqlite.org/2025/sqlite-autoconf-3490200.tar.gz >sqlite.tar.gz
- gunzip sqlite.tar.gz
- tar xf sqlite.tar
- rm sqlite.tar
- cd sqlite-autoconf-3490200/
- ./configure
- make
- curl localhost
- wait 1 minute
- sudo ./sqlite3 ../goaccesslog/goaccesslog.db "select * from accesslog;"
- go test ./... -coverprofile=cover.out
- go tool cover -html=cover.out