GoAccess

Self-Hosted

Real‑time web log analytics in the terminal or browser

Active(75)

19.9kstars

0views

Updated Sep 16, 2025

1 / 2

Overview

Discover what makes GoAccess powerful

GoAccess is a high‑performance, real‑time web log analyzer written entirely in C. Its core mission is to ingest HTTP access logs and expose rich, interactive dashboards either directly in a terminal (via `ncurses`) or as a self‑contained HTML report served over WebSocket. The application is engineered for speed: it updates terminal panels every 200 ms and HTML panels every second, making it ideal for live monitoring during deployments or troubleshooting sessions. Unlike heavier analytics stacks that rely on external databases, GoAccess keeps all state in memory using highly optimized hash tables, yet it also offers optional on‑disk persistence for long‑term retention.

Real‑time analytics

Extensive log format support

Response‑time tracking

Virtual‑host awareness

Overview

GoAccess is a high‑performance, real‑time web log analyzer written entirely in C. Its core mission is to ingest HTTP access logs and expose rich, interactive dashboards either directly in a terminal (via ncurses) or as a self‑contained HTML report served over WebSocket. The application is engineered for speed: it updates terminal panels every 200 ms and HTML panels every second, making it ideal for live monitoring during deployments or troubleshooting sessions. Unlike heavier analytics stacks that rely on external databases, GoAccess keeps all state in memory using highly optimized hash tables, yet it also offers optional on‑disk persistence for long‑term retention.

Key Features

Real‑time analytics with millisecond and second granularity, suitable for both SSH sessions and browser dashboards.
Extensive log format support – Apache, Nginx, CloudFront, Amazon S3, ELB, Caddy, and custom format strings.
Response‑time tracking to surface slowest requests per hour or date.
Virtual‑host awareness, ASN mapping, and visitor metrics (hits, bandwidth).
WebSocket authentication via local or external JWT verification, with secure token refresh.
Docker‑ready image; configuration is driven by a single goaccess.conf file and volume mounts.

Technical Stack

Layer	Technology
Runtime	C (POSIX), `ncurses` for terminal UI, embedded WebSocket server (`gwsocket.io`)
Data handling	In‑memory hash tables, optional on‑disk persistence (binary format)
Output	Terminal (`ncurses`), HTML/Bootstrap dashboards, JSON/CSV exports
Containerization	Official Docker image; no external services required
Extensibility	Custom log format strings, plugin‑style configuration via `goaccess.conf`, optional WebSocket auth modules

Core Capabilities & APIs

Developers can treat GoAccess as a library‑like tool: the command line accepts a broad set of flags (e.g., --log-format, --output html, --persist) that can be scripted in CI/CD pipelines or systemd services. The embedded WebSocket server exposes a simple JSON API for real‑time metrics, enabling integration with monitoring dashboards (Grafana, Prometheus exporters) or custom front‑ends. The authentication layer can be swapped with external JWT providers, making it straightforward to embed GoAccess into existing auth ecosystems.

Deployment & Infrastructure

GoAccess is intentionally lightweight: a single binary, one runtime dependency (ncurses), and optional Docker image. It runs on any *nix host, making it a perfect fit for bare‑metal servers, VMs, or Kubernetes pods. The Docker image can be scaled horizontally by running multiple instances behind a load balancer, each processing distinct log files or virtual hosts. For high‑availability, the on‑disk persistence feature can be backed by a shared NFS or cloud block storage to recover state after restarts.

Integration & Extensibility

While GoAccess does not expose a traditional plugin API, its configuration system is highly modular. Log format strings can be extended with custom regexes; output themes and color schemes are configurable via CSS for the HTML dashboard. The WebSocket authentication module supports JWT verification against external services, allowing developers to plug in OAuth or SSO providers. Additionally, the JSON/CSV export can be consumed by downstream analytics pipelines (Elasticsearch, InfluxDB) or fed into custom dashboards.

Developer Experience

The project’s documentation is concise yet thorough, with clear sections for log format configuration, persistence options, and Docker usage. Community support is active on GitHub, with frequent CI/CD checks (actions/workflows/build-test.yml) ensuring reliability. The single‑binary distribution and minimal dependencies reduce the attack surface, which is a compelling point for security‑conscious teams. The open‑source license (MIT) removes commercial barriers, encouraging internal tooling integration.

Use Cases

Real‑time incident response: SSH into a production host and run GoAccess to spot spikes, 5xx errors, or malicious IPs instantly.
CI/CD monitoring: Hook GoAccess into a pipeline to validate log format changes or detect performance regressions before promotion.
Lightweight analytics: Deploy in a Kubernetes cluster to surface per‑pod request metrics without a dedicated monitoring stack.
Security hardening: Leverage ASN mapping and visitor counts to identify anomalous traffic patterns for automated firewall updates.

Advantages Over Alternatives

GoAccess offers unmatched speed due to its C implementation and in‑memory processing, outperforming JavaScript or Python‑based log analyzers. Its zero external dependency footprint eliminates the need for a database layer, simplifying deployment and reducing maintenance. The built‑in WebSocket server removes the requirement for an external reverse proxy, while still allowing JWT‑based auth. Finally, its permissive license and active community make it a low‑risk choice for both open‑source and commercial projects.