GoAccess - You do not need proprietary javascript to get analytics

Published 2020-08-23 on Anjan's Homepage

I run noscript in my web browser to block javascript by default. I often come across blogs that are fully functional with javascript disabled but ask to run some javascript. The javascript the blog asks to run is usually used to provide the webmaster with analytics about the users. The automatic loading of proprietary javascript is especially problematic if the javascript is served by a third party domain. Since you cannot control the security or personal ethics of the third party domain, you are putting your users at risk of downloading malware. The loading and execution of javascript also increases the load times of your website.

1 The problem and alternative solution

For a long time, I just didn't do any analytics because I thought running proprietary javascript (google analytics) was the only way. Not running any analytics has a number of disadvantages:

  1. You are not able to debug which pages might be down or not working
  2. You don't have insight into which pages are the biggest burden to serve
  3. You don't know what content attracts visitors
  4. You don't get a hit of dopamine by observing the growth of your blog

I found a solution that gives me insight into my website but preserves user freedom. "GoAccess, is an open source real-time web log analyzer and interactive viewer that runs in a terminal in *nix systems or through your browser". Basically, goaccess reads in nginx or apache log files and outputs various analytics about your site.

On my server, I run the following command to analyze my nginx logs:

zcat -f /var/log/nginx/access.log*.gz | cat /var/log/nginx/access.log -  | grep -v | goaccess -f -

nginx compresses older access logs into access.log*.gz so I used zcat to decompress and concatenate all the archives. The ip address: represents http requests from my LAN. I only want to analyze traffic on WAN so I excluded by running grep -v where the -v flag "selects non-matching lines".

When goaccess opens, I select "NCSA Combined Log Format" and press Enter. Finally, I get the following output:

I prefer cli output but you can also get an html webpage to view.

2 My privacy policy

Since IP addresses can be used to track users, I obfuscate ip addresses with nginx. I left "log full ip address on hack / access denied attempts" on as the tutorial suggests. Logging IPs on error allows me to use tools like fail2ban to ban ip addresses that are trying to bruteforce my server. I also setup log rotation to delete my nginx logs older than 7 days. The log data stays on my server and is not exported to any other third party.

Hopefully goaccess gives you more motivation to write!

Have a comment on one of my posts? Start a discussion in my public inbox by sending an email to ~anjan/public-inbox@lists.sr.ht [mailing list etiquette]

Articles from blogs I follow around the net

These articles/blogs do not represent my own opinions or views.

Web analytics should at least meet the standards of informed consent

Research conducted on human beings, at least outside of the domain of technology, has to meet a minimum standard of ethical reasoning called informed consent. Details vary, but the general elements of informed consent are: Disclosure of the nature and purpose…

via Drew DeVault's blog December 4, 2020

How to Make Biomass Energy Sustainable Again

From the Neolithic to the beginning of the twentieth century, coppiced woodlands, pollarded trees, and hedgerows provided people with a sustainable supply of energy, materials, and food.

via LOW←TECH MAGAZINE September 20, 2020

Eshell versus M-x shell

I’ve used and defended Eshell for years. Sadly, Eshell has some long standing issues that I grew tired of in the long run. So I’ve decided to switch to M-x shell and see how much of my Eshell workflow I could port. Language and the underlying shell pr…

via Pierre Neidhardt's homepage June 26, 2020

Generated by openring