I run different services on my debian server and I would like to know if there any terminal command or something to show the countries and number connections that have established contact

  • vegetaaaaaaa@lemmy.world
    link
    fedilink
    English
    arrow-up
    6
    ·
    edit-2
    1 year ago

    For HTTP/web server logs: goaccess using the free db-ip database will give you country-level geolocation info.

    For other connections (SSH etc.), setup a Graylog instance, send all your logs to it using rsyslog over TLS, setup pipelines to extract IP addresses from the messages, and setup the GeoIP plugin (https://graylog.org/post/how-to-set-up-graylog-geoip-configuration/). It’s not a small task though. My ansible roles for goaccess and graylog.

    • entropicshart@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      How I wish I had seen this about a month ago when I spent hours smarting up the nginx module and converting the maxmind DBs to v1 to make the compatible.

      I do wonder how well this performs compared to the nginx module

    • supervent@lemmy.dbzer0.comOP
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      Thanks for the answers, but my specs are very low (intel atom with 2GB ram), I only wanted to know which countries are using my snowflake tor bridge.

      • vegetaaaaaaa@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        edit-2
        1 year ago

        Graylog and elasticsearch might fit on that, depending on how much is already used, and if you set the heap sizes at their bare minimum… but it will perform badly, and it’s overkill anyway if you just need this simple stat.

        I would look into writing a custom log parser for goaccess (https://goaccess.io/man#custom-log) and let it parse your bridge logs. This is how the geolocation section looks in the HTML report (each continent can be expanded and it will reveal the stat by country).

        I update the report every hour via cron, as I don’t need real-time stats (but goaccess can do that).

  • Amity_Noceda@lemmy.world
    link
    fedilink
    English
    arrow-up
    3
    ·
    1 year ago

    The less straight forward way is to put a Middleware To query the IP with some geoIP site the get the info.

    nginx+ supports geoIP blocking as well, there may be a free version of this feature

  • Engywuck@lemm.ee
    link
    fedilink
    English
    arrow-up
    3
    arrow-down
    2
    ·
    edit-2
    1 year ago

    I think the most straightforward way to collect these info would be to use Cloudflare as the DNS for your domains, which allows for a good deal of analytics.

  • Decronym@lemmy.decronym.xyzB
    link
    fedilink
    English
    arrow-up
    1
    arrow-down
    1
    ·
    edit-2
    1 year ago

    Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:

    Fewer Letters More Letters
    DNS Domain Name Service/System
    HTTP Hypertext Transfer Protocol, the Web
    IP Internet Protocol
    SSH Secure Shell for remote terminal access
    SSL Secure Sockets Layer, for transparent encryption
    TLS Transport Layer Security, supersedes SSL
    nginx Popular HTTP server

    6 acronyms in this thread; the most compressed thread commented on today has 8 acronyms.

    [Thread #224 for this sub, first seen 19th Oct 2023, 08:15] [FAQ] [Full list] [Contact] [Source code]