I run different services on my Debian server and I would like to know if there is any terminal command or something to show the countries and number of connections that have established contact.
For HTTP/web server logs: goaccess using the free db-ip database will give you country-level geolocation info.
For other connections (SSH etc.), set up a Graylog instance, send all your logs to it using rsyslog over TLS, set up pipelines to extract IP addresses from the messages, and set up the GeoIP plugin (https://graylog.org/post/how-to-set-up-graylog-geoip-configuration/). It’s not a small task though. My ansible roles for goaccess and graylog.
How I wish I had seen this about a month ago when I spent hours smarting up the nginx module and converting the maxmind DBs to v1 to make them compatible.
I do wonder how well this performs compared to the nginx module.
Thanks for the answers, but my specs are very low (Intel Atom with 2GB RAM), I only wanted to know which countries are using my snowflake tor bridge.
Graylog and elasticsearch might fit on that, depending on how much is already used, and if you set the heap sizes at their bare minimum… but it will perform badly, and it’s overkill anyway if you just need this simple stat.
I would look into writing a custom log parser for goaccess (https://goaccess.io/man#custom-log) and let it parse your bridge logs. This is how the geolocation section looks in the HTML report (each continent can be expanded and it will reveal the stat by country).
I update the report every hour via cron, as I don’t need real-time stats (but goaccess can do that).
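For the low-spec case raised above, a lighter route than goaccess or Graylog, shown as an added example that is not from any poster in this thread: tally the peer addresses from `ss -Htn state established` against a country range table. It assumes the free db-ip country CSV has the layout `start,end,country`; the sample data and the function names are constructed for illustration.

```python
"""Count established TCP peers per country from `ss -Htn state established` output."""
import bisect, csv, ipaddress
from collections import Counter

# Constructed sample in the assumed CSV layout (start,end,country); codes are made up.
SAMPLE_DB = """\
192.0.2.0,192.0.2.255,NL
198.51.100.0,198.51.100.255,DE
203.0.113.0,203.0.113.255,JP
2001:db8::,2001:db8:ffff:ffff:ffff:ffff:ffff:ffff,FR
"""
# Constructed sample of `ss -Htn state established`: Recv-Q Send-Q Local Peer.
SAMPLE_SS = """\
0 0 192.0.2.10:443 198.51.100.7:51512
0 0 192.0.2.10:443 198.51.100.9:40022
0 36 192.0.2.10:22 [::ffff:203.0.113.5]:60344
0 0 [2001:db8::10]:443 [2001:db8:1::42]:55210
0 0 192.0.2.10:443 10.1.2.3:41000
"""

def load_ranges(lines):
    """Return sorted (version, start_int, end_int, country) tuples from CSV lines."""
    rows = []
    for start, end, country in csv.reader(lines):
        s, e = ipaddress.ip_address(start), ipaddress.ip_address(end)
        rows.append((s.version, int(s), int(e), country))
    return sorted(rows)

def country_of(ranges, ip):
    """Binary-search the range containing ip; return '??' when no range matches."""
    addr = ipaddress.ip_address(ip)
    if getattr(addr, "ipv4_mapped", None):  # ::ffff:a.b.c.d seen on dual-stack sockets
        addr = addr.ipv4_mapped
    # Index of the last range whose start is <= addr (IPv4 rows sort before IPv6 rows).
    i = bisect.bisect_right(ranges, (addr.version, int(addr), float("inf"), "")) - 1
    hit = i >= 0 and ranges[i][0] == addr.version and int(addr) <= ranges[i][2]
    return ranges[i][3] if hit else "??"

def tally(ss_output, ranges):
    """Count connections per country using the peer column (fourth field)."""
    counts = Counter()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) >= 4:
            counts[country_of(ranges, fields[3].rsplit(":", 1)[0].strip("[]"))] += 1
    return counts

if __name__ == "__main__":
    for cc, n in tally(SAMPLE_SS, load_ranges(SAMPLE_DB.splitlines())).most_common():
        print(f"{n:6d} {cc}")
```

To use it on a live host, pass the real `ss` output and the opened CSV file in place of the two samples; a cron job can append the counts to a file for hourly stats.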
The less straightforward way is to put a middleware to query the IP with some geoIP site to get the info.
nginx+ supports geoIP blocking as well, there may be a free version of this feature.
I think the most straightforward way to collect this info would be to use Cloudflare as the DNS for your domains, which allows for a good deal of analytics.
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:
| Fewer Letters | More Letters |
| --- | --- |
| DNS | Domain Name Service/System |
| HTTP | Hypertext Transfer Protocol, the Web |
| IP | Internet Protocol |
| SSH | Secure Shell for remote terminal access |
| SSL | Secure Sockets Layer, for transparent encryption |
| TLS | Transport Layer Security, supersedes SSL |
| nginx | Popular HTTP server |
6 acronyms in this thread; the most compressed thread commented on today has 8 acronyms.
[Thread #224 for this sub, first seen 19th Oct 2023, 08:15] [FAQ] [Full list] [Contact] [Source code]