GeoIP log analysis with bash

Published on Author admin

maxmind-logo

GeoIP log analysis with bash.

Running websites or other online services usually we want to get as much statistics about visitors as possible. There are plenty of system that can provide us web-based statistics. But there is another way. True admin/devops way is to analyse logs.
Any service can provide access logs: nginx, apache, haproxy, etc. We also can have any statistic by logging access via firewall. As the result there are always IPs of the visitors.

The problem: to get GeoIP statistics from nginx access-log in as quick as possible.
Solution in 3 simple steps:

1st. Tools
There are IP lookup command line tools that use the GeoIP library.

Debian/Ubuntu:

FreeBSD, pkg

2nd. GeoIP Database
MaxMind provides free GeoIP Country database. Here we can download the geolite db.

3rd. Analysis

To check single IP:

Parsing access-log:

This give you a line per country for each IP address.