Goaccess: How to analyse Dante Socks server logs with GoAccess?
For example:
Apr 13 11:35:13 (1523619313.153088) danted[6894]: info: pass(1): tcp/connect [: username%[email protected] 167.99.247.172.1080 -> 167.99.247.172.27725 149.154.163.37.44
Date is three different columns, can i parse it with GoAccess?
Enfield
All 4 comments
Can you please describe the fields you've got in there? Thanks.
allinurl
on 16 Apr 2018
For this string (it's a SOCKS5 proxy):
Apr 13 11:35:13 (1523619313.153088) danted[6894]: info: pass(1): tcp/connect [: username%[email protected] 167.99.247.172.1080 -> 167.99.247.172.27725 149.154.163.37.44
fields be:
month day time (timestamp with milliseconds) ignore ignore request_status protocol/action[:username%login@incoming_ipv4.port server_ipv4.port -> server_ipv4.port outcoming_ipv4.port
Unfortunately there's no delimiter for those IPs, e.g., 94.25.169.233.27725. If you could split the last part, then it you could do:
goaccess access.log --log-format='%^(%x.%^) %v: %^ %^ %U %^ %e@%h:%^ %^ %^' --date-format=%s --time-format=%s --ignore-panel=REQUESTS_STATIC --ignore-panel=NOT_FOUND --ignore-panel=OS --ignore-panel=BROWSERS --ignore-panel=REFERRERS --ignore-panel=REFERRING_SITES --ignore-panel=STATUS_CODES --http-method=no --http-protocol=no
👍2
Thx!
Enfield
on 19 Apr 2018
Was this page helpful?
0 / 5 - 0 ratings
Related issues
domainoverflow
路
3Comments
securixhk
路
3Comments
Tassleh0ff
路
4Comments
konungrl
路
3Comments
LoanDEV
路
3Comments
Most helpful comment
Unfortunately there's no delimiter for those IPs, e.g.,
94.25.169.233.27725. If you could split the last part, then it you could do: