ayano

command module

v0.0.8 Latest Latest Go to latest Published: Apr 7, 2024 License: MIT Imports: 17 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/taoky/ayano

Links

Open Source Insights

README ¶

ayano

Follow nginx log, and find out bad guys! Ayano parses nginx log and shows clients eating most bandwidth every few seconds.

Build

CGO_ENABLED=0 go build

Usage

> ./ayano -h
Usage of ./ayano:
  -absolute
        Show absolute time for each item
  -analyse
        Log analyse mode (no tail following, only show top N at the end, and implies -whole)
  -daemon
        Daemon mode, prints out IP cidr and total size every 1GiB
  -n int
        Show top N values (0 means no limit) (default 10)
  -no-netstat
        Do not detect active connections
  -outlog string
        Change log output file
  -parser string
        Parser to use (nginx-json or nginx-combined) (default "nginx-json")
  -r int
        Refresh interval in seconds (default 5)
  -server string
        Server IP to filter (nginx-json only)
  -threshold string
        Threshold size for request (only requests larger than this will be counted) (default "100M")
  -whole
        Analyze whole log file and then tail it
> # Example 1
> ./ayano -n 20 -threshold 50M /var/log/nginx/access_json.log
> # Example 2
> ./ayano -n 50 -whole -parser nginx-combined /var/log/nginx/access.log
> # Example 3. This will use fast path to analyse log, and just print result and quit.
> ./ayano -n 100 -analyse /var/log/nginx/access_json.log

Daemon mode (experimental)

Daemon mode is a simple log output mode that intended to work with fail2ban. Read https://github.com/taoky/ayano/issues/3 for current log format. A reference systemd service file and logrotate file are provided in assets/.

Please note that the stats output would NOT be rotated (unless you restart ayano).

If you don't like to use fail2ban, you could also use this simple one-liner to check stats. Here is an example:

$ awk '{print $3}' record.log | sort | uniq -c | sort -nr
36 114.5.14.0/24
 3 191.9.81.0/24

which means that "114.5.14.0/24" takes at least 36GiB bandwidth, and "191.9.81.0/24" takes at least 3GiB bandwidth, for the time period this log file covers.

Format support

Ayano supports two types of nginx log:

Standard "combined" format access log.

JSON format access log configured as:

log_format ngx_json escape=json '{'
    '"timestamp":$msec,'
    '"clientip":"$remote_addr",'
    '"serverip":"$server_addr",'
    '"method":"$request_method",'
    '"url":"$request_uri",'
    '"status":$status,'
    '"size":$body_bytes_sent,'
    '"resp_time":$request_time,'
    '"http_host":"$host",'
    '"referer":"$http_referer",'
    '"user_agent":"$http_user_agent"'
    '}';

Naming

Ayano is named after Sugiura Ayano, the Student Council vice-president in Yuru Yuri.

Also, if you want something easier to use than iftop... Please try my new little project chitose!

Documentation ¶

There is no documentation for this package.

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
parser

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL